@!@
ldap_base=baseConfig['ldap/base']
if baseConfig['ldap/server/type'] == 'master':
	access = 'write'
else:
	access = 'read'

print '''
access to dn="cn=admin-settings,cn=univention,%(base)s" attrs="entry,children"
	by users %(access)s
	by * none break
''' % { 'base' : ldap_base, 'access' : access }

print '''
access to dn.regex="^uid=([^,]+),cn=admin-settings,cn=univention,%(base)s$"
	by dn.regex="^uid=$1,.*%(base)s$$" %(access)s''' % { 'base' : ldap_base, 'access' : access }
if configRegistry['ldap/server/type'] == "slave":
	print '\tby dn.base="cn=admin,%(base)s" %(access)s' % { 'base' : ldap_base, 'access' : access }
print '\tby * none'
@!@
