author | Alexander Bokovoy <abokovoy@redhat.com> | 2015-05-12 12:31:46 +0000 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2015-07-07 10:33:53 +0300 |
commit | b850385e6bdfd727cb5a801ae4f341dbd93331fe (patch) | |
tree | df20c821c136bc05eeda01e37271d7a0e7bb9438 /ACI.txt | |
parent | b7a3b206deb3257b3a78939f0d2a6a114e48b758 (diff) | |
ipa-adtrust-install: add IPA master host principal to adtrust agents
Fixes https://fedorahosted.org/freeipa/ticket/4951
Diffstat (limited to 'ACI.txt')
-rw-r--r-- | ACI.txt | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -299,7 +299,7 @@ aci: (targetattr = "cmdcategory || cn || createtimestamp || description || entry
 dn: dc=ipa,dc=example
 aci: (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass || ou || sudocommand || sudohost || sudonotafter || sudonotbefore || sudooption || sudoorder || sudorunas || sudorunasgroup || sudorunasuser || sudouser")(target = "ldap:///ou=sudoers,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read Sudoers compat tree";allow (compare,read,search) userdn = "ldap:///anyone";)
 dn: cn=trusts,dc=ipa,dc=example
-aci: (targetattr = "cn || createtimestamp || entryusn || ipantflatname || ipantsecurityidentifier || ipantsidblacklistincoming || ipantsidblacklistoutgoing || ipanttrusteddomainsid || ipanttrustpartner || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Trust Information";allow (compare,read,search) userdn = "ldap:///all";)
+aci: (targetattr = "cn || createtimestamp || entryusn || ipantflatname || ipantsecurityidentifier || ipantsidblacklistincoming || ipantsidblacklistoutgoing || ipanttrustdirection || ipanttrusteddomainsid || ipanttrustpartner || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Trust Information";allow (compare,read,search) userdn = "ldap:///all";)
 dn: cn=trusts,dc=ipa,dc=example
 aci: (targetattr = "gidnumber || krbprincipalname || uidnumber")(version 3.0;acl "permission:System: Read system trust accounts";allow (compare,read,search) groupdn = "ldap:///cn=System: Read system trust accounts,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=groups,cn=accounts,dc=ipa,dc=example |
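Review bot: The `ipanttrustdirection` attribute added to the `+aci:` line under `cn=trusts,dc=ipa,dc=example` becomes readable by every authenticated bind, because "System: Read Trust Information" is granted to `userdn = "ldap:///all"`. The commit title only mentions adding the IPA master host principal to the adtrust agents. If only those agents need the trust direction, the attribute would fit better in a permission scoped by `groupdn`, as the neighbouring "System: Read system trust accounts" ACI is. Otherwise the commit message should say that exposing the trust direction to all authenticated users is intended. This view is limited to ACI.txt, so the permission definition behind this line is not visible here and would need the same review.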