Add support for tracking and counting entitlements

Adds a plugin, entitle, to register to the entitlement server, consume entitlements and to count and track them. It is also possible to import an entitlement certificate (if for example the remote entitlement server is unaviailable). This uses the candlepin server from https://fedorahosted.org/candlepin/wiki for entitlements. Add a cron job to validate the entitlement status and syslog the results. tickets 28, 79, 278
author: Rob Crittenden <rcritten@redhat.com> 2011-02-01 14:24:46 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2011-02-02 10:00:38 -0500
commit: 275998f6bde90c253d935c2f2724538b64cbd618 (patch)
tree: bd2840606a906276d21e646eae47db49f7adb6c2 /install/share/default-aci.ldif
parent: f3d04bfc405753b3c6a11a53ec6b2ccc99e8bf09 (diff)
download: freeipa-275998f6bde90c253d935c2f2724538b64cbd618.tar.gz
freeipa-275998f6bde90c253d935c2f2724538b64cbd618.tar.xz
freeipa-275998f6bde90c253d935c2f2724538b64cbd618.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif
index e4f767054..7c0ae8bd8 100644
--- a/install/share/default-aci.ldif
+++ b/install/share/default-aci.ldif
@@ -3,7 +3,7 @@
 dn: $SUFFIX
 changetype: modify
 add: aci
-aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey")(version 3.0; acl "Enable Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";)
+aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || userPKCS12")(version 3.0; acl "Enable Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";)
 aci: (targetattr = "memberOf || memberHost || memberUser")(version 3.0; acl "No anonymous access to member information"; deny (read,search,compare) userdn != "ldap:///all";)
 aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
 aci: (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)
author	Rob Crittenden <rcritten@redhat.com>	2011-02-01 14:24:46 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2011-02-02 10:00:38 -0500
commit	275998f6bde90c253d935c2f2724538b64cbd618 (patch)
tree	bd2840606a906276d21e646eae47db49f7adb6c2 /install/share/default-aci.ldif
parent	f3d04bfc405753b3c6a11a53ec6b2ccc99e8bf09 (diff)
download	freeipa-275998f6bde90c253d935c2f2724538b64cbd618.tar.gz freeipa-275998f6bde90c253d935c2f2724538b64cbd618.tar.xz freeipa-275998f6bde90c253d935c2f2724538b64cbd618.zip