diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-06-02 14:00:05 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-06-22 13:56:17 -0400 |
| commit | 8c6c93125f344ca117cc24b2e96c55b1d9ae31bd (patch) | |
| tree | f9f963bc8efd0f62d6d32ab4832f86d081554800 | |
| parent | c42684ad5bbac1744b11fde4b5efd244442ed2a8 (diff) | |
| download | freeipa-8c6c93125f344ca117cc24b2e96c55b1d9ae31bd.tar.gz freeipa-8c6c93125f344ca117cc24b2e96c55b1d9ae31bd.tar.xz freeipa-8c6c93125f344ca117cc24b2e96c55b1d9ae31bd.zip | |
Add separate role group for enrolling hosts, enrollhost
| -rw-r--r-- | install/updates/40-delegation.update | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update index 77dca721d..fa8d2af1a 100644 --- a/install/updates/40-delegation.update +++ b/install/updates/40-delegation.update @@ -79,6 +79,12 @@ add:cn: replicaadmin add:description: Replication Administrators add:member:'uid=admin,cn=users,cn=accounts,$SUFFIX' +dn: cn=enrollhost,cn=rolegroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: nestedgroup +add:cn: enrollhost +add:description: Host Enrollment + # Add the taskgroups referenced by the ACIs for user administration dn: cn=taskgroups,cn=accounts,$SUFFIX @@ -465,6 +471,7 @@ add:objectClass: nestedgroup add:cn: manage_host_keytab add:description: Manage host keytab add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX' +add:member:'cn=enrollhost,cn=rolegroups,cn=accounts,$SUFFIX' # Add the ACI needed to do host keytab admin dn: $SUFFIX @@ -482,6 +489,7 @@ add:objectClass: nestedgroup add:cn: enroll_host add:description: Enroll a host add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX' +add:member:'cn=enrollhost,cn=rolegroups,cn=accounts,$SUFFIX' # Add the ACI needed to do host enrollment. When this occurs we # set the krbPrincipalName, add krbPrincipalAux to objectClass and |