Remove common entries when deleting a master.

Fixes: https://fedorahosted.org/freeipa/ticket/550
author: Simo Sorce <ssorce@redhat.com> 2010-12-10 09:48:06 -0500
committer: Simo Sorce <ssorce@redhat.com> 2010-12-21 17:28:13 -0500
commit: 1cf67fe8503981b8aca985043bc5a8cd2799a365 (patch)
tree: b36aa7612450d407d9737b5d3600d3b987b1c800 /install/share/default-aci.ldif
parent: 5884fdf0f864d67fe7ee48d29f3c023882bc2891 (diff)
download: freeipa-1cf67fe8503981b8aca985043bc5a8cd2799a365.tar.gz
freeipa-1cf67fe8503981b8aca985043bc5a8cd2799a365.tar.xz
freeipa-1cf67fe8503981b8aca985043bc5a8cd2799a365.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif
index d0dfa23d7..159cb07bd 100644
--- a/install/share/default-aci.ldif
+++ b/install/share/default-aci.ldif
@@ -23,6 +23,11 @@ changetype: modify
 add: aci
 aci: (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
 
+dn: cn=ipa,cn=etc,$SUFFIX
+changetype: modify
+add: aci
+aci: (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
+
 dn: cn=accounts,$SUFFIX
 changetype: modify
 add: aci
author	Simo Sorce <ssorce@redhat.com>	2010-12-10 09:48:06 -0500
committer	Simo Sorce <ssorce@redhat.com>	2010-12-21 17:28:13 -0500
commit	1cf67fe8503981b8aca985043bc5a8cd2799a365 (patch)
tree	b36aa7612450d407d9737b5d3600d3b987b1c800 /install/share/default-aci.ldif
parent	5884fdf0f864d67fe7ee48d29f3c023882bc2891 (diff)
download	freeipa-1cf67fe8503981b8aca985043bc5a8cd2799a365.tar.gz freeipa-1cf67fe8503981b8aca985043bc5a8cd2799a365.tar.xz freeipa-1cf67fe8503981b8aca985043bc5a8cd2799a365.zip