@!@
params = {}
if configRegistry['ldap/server/type'] == 'master':
    params[ 'right' ] = 'write'
else:
    params[ 'right' ] = 'read'

params[ 'base' ] = configRegistry[ 'ldap/base' ]

print '''
access to dn.regex="^univentionVirtualMachineUUID=([^,]+),cn=Information,cn=Virtual Machine Manager,%(base)s$" filter="(objectClass=univentionVirtualMachine)"
	by dn.onelevel="cn=dc,cn=computers,%(base)s" %(right)s
	by dn.onelevel="cn=memberserver,cn=computers,%(base)s" %(right)s
	by * read break

access to dn.regex="^cn=([^,]+),cn=CloudConnection,cn=Virtual Machine Manager,%(base)s$" filter="(objectClass=univentionVirtualMachineCloudConnection)"
	by dn.onelevel="cn=dc,cn=computers,%(base)s" %(right)s
	by dn.onelevel="cn=memberserver,cn=computers,%(base)s" %(right)s
	by * read break

access to dn.regex="^cn=(Information|CloudConnection),cn=Virtual Machine Manager,%(base)s$" attrs=children,entry
	by dn.onelevel="cn=dc,cn=computers,%(base)s" %(right)s
	by dn.onelevel="cn=memberserver,cn=computers,%(base)s" %(right)s
	by * read break

''' % params
@!@
