From 27891173972ee0012ecaedc8ca9e9284edc47b28 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Sun, 16 Feb 2020 11:31:56 +0100
Subject: [PATCH] Allow service accounts to read everything including
 userpassword (used by Dovecot)

---
 consul/configuration/directory/bottin/config.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/consul/configuration/directory/bottin/config.json b/consul/configuration/directory/bottin/config.json
index 37b5236..27351f4 100644
--- a/consul/configuration/directory/bottin/config.json
+++ b/consul/configuration/directory/bottin/config.json
@@ -9,6 +9,7 @@
 		"ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
 		"ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
 		"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
+		"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*",
 
 		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
 		"ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",