Add aci to make managed netgroups immutable.

ticket 962
author: Rob Crittenden <rcritten@redhat.com> 2011-02-17 17:19:24 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2011-02-18 15:29:51 -0500
commit: 496ab3f738d55e9356142048dcfef2caa46c121f (patch)
tree: 988cfc48e76564cc16fbb8935f46a97ed71f4d9b /install/updates/20-aci.update
parent: 6943acc1615da141d86dc9a84c7f86629199516f (diff)
download: freeipa-496ab3f738d55e9356142048dcfef2caa46c121f.tar.gz
freeipa-496ab3f738d55e9356142048dcfef2caa46c121f.tar.xz
freeipa-496ab3f738d55e9356142048dcfef2caa46c121f.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update
new file mode 100644
index 000000000..42f1e9fe6
--- /dev/null
+++ b/install/updates/20-aci.update
@@ -0,0 +1,4 @@
+# Don't allow managed netgroups to be modified
+dn: cn=ng,cn=alt,$SUFFIX
+add:aci: '(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)'
+
author	Rob Crittenden <rcritten@redhat.com>	2011-02-17 17:19:24 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2011-02-18 15:29:51 -0500
commit	496ab3f738d55e9356142048dcfef2caa46c121f (patch)
tree	988cfc48e76564cc16fbb8935f46a97ed71f4d9b /install/updates/20-aci.update
parent	6943acc1615da141d86dc9a84c7f86629199516f (diff)
download	freeipa-496ab3f738d55e9356142048dcfef2caa46c121f.tar.gz freeipa-496ab3f738d55e9356142048dcfef2caa46c121f.tar.xz freeipa-496ab3f738d55e9356142048dcfef2caa46c121f.zip