diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-10-06 17:33:05 -0400 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2010-10-06 21:52:11 -0400 |
| commit | 68604a79824a7acf7a3733bc9ccb7685da16e0e0 (patch) | |
| tree | 28b72b8f29233d8346bfd9dadf027f71840eab9f /install/share | |
| parent | 8ded383b628f67f3ef4240208acad462ea53c316 (diff) | |
| download | freeipa-68604a79824a7acf7a3733bc9ccb7685da16e0e0.tar.gz freeipa-68604a79824a7acf7a3733bc9ccb7685da16e0e0.tar.xz freeipa-68604a79824a7acf7a3733bc9ccb7685da16e0e0.zip | |
Fix a couple of typos in some ACIs.
One typo was mis-spelling the admins group name
The second was an extraneous 'aci' in the name of two acis.
ticket 335
Diffstat (limited to 'install/share')
| -rw-r--r-- | install/share/default-aci.ldif | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif index 3b6d16aa8..e7c482f7f 100644 --- a/install/share/default-aci.ldif +++ b/install/share/default-aci.ldif @@ -4,7 +4,7 @@ dn: $SUFFIX changetype: modify add: aci aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey")(version 3.0; acl "Enable Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";) -aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groupss,cn=accounts,$SUFFIX";) +aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) aci: (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword")(version 3.0; acl "Self can write own password"; allow (write) userdn="ldap:///self";) aci: (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) aci: (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Password change service can read/write passwords"; allow (read, write) userdn="ldap:///krbprincipalname=kadmin/changepw@$REALM,cn=$REALM,cn=kerberos,$SUFFIX";) @@ -43,12 +43,12 @@ aci: (targetattr="krbPrincipalName || krbCanonicalName || krbUPEnabled || krbPri dn: cn=services,cn=accounts,$SUFFIX changetype: modify add: aci -aci: (targetattr="userCertificate || krbPrincipalKey")(version 3.0; aci "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) +aci: (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) # Allow hosts to update their own certificate in host/ # krbLastPwdChange lets a host unenroll itself dn: cn=computers,cn=accounts,$SUFFIX changetype: modify add: aci -aci: (targetattr="userCertificate || krbLastPwdChange")(version 3.0; aci "Hosts can modify service userCertificate"; allow(write) userdn = "ldap:///self";) +aci: (targetattr="userCertificate || krbLastPwdChange")(version 3.0; acl "Hosts can modify service userCertificate"; allow(write) userdn = "ldap:///self";) |