diff options
author | Petr Viktorin <pviktori@redhat.com> | 2014-06-20 16:21:35 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-06-20 22:18:43 +0200 |
commit | f486d23ad67a7337c7633e4216c5a0b0374002fc (patch) | |
tree | 54ffc880f6b7a9002174e3c28aa357203a0dfdee /install/updates/20-aci.update | |
parent | cf8f143e9823c06ed069c6a031c0c4aa80288840 (diff) | |
download | freeipa-f486d23ad67a7337c7633e4216c5a0b0374002fc.tar.gz freeipa-f486d23ad67a7337c7633e4216c5a0b0374002fc.tar.xz freeipa-f486d23ad67a7337c7633e4216c5a0b0374002fc.zip |
Allow anonymous read access to virtual operation entries
These entries are the same in all IPA installations, so there's
no need to hide them.
Also remove the ipaVirtualOperation objectclass, since it is
no longer needed.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'install/updates/20-aci.update')
-rw-r--r-- | install/updates/20-aci.update | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update index 42fca71f3..4eb5c737a 100644 --- a/install/updates/20-aci.update +++ b/install/updates/20-aci.update @@ -23,7 +23,7 @@ add:aci:'(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || # Read access to containers dn: $SUFFIX -add:aci:'(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy))(!(objectclass=ipaVirtualOperation)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,$SUFFIX")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)' +add:aci:'(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,$SUFFIX")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)' dn: cn=replicas,cn=ipa,cn=etc,$SUFFIX add:aci:'(targetfilter="(objectclass=nsContainer)")(version 3.0; acl "Deny read access to replica configuration"; deny(read, search, compare) userdn = "ldap:///anyone";)' |