diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-02-18 18:15:49 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | 73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a (patch) | |
tree | c628e60618e542bb3c4f0ce748981027f5f900e3 /install/updates/40-delegation.update | |
parent | 35857026e6b96f7db6fc1d81167d75251f4baff1 (diff) | |
download | freeipa-73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a.tar.gz freeipa-73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a.tar.xz freeipa-73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a.zip |
Allow IPA master hosts to update CA certificate in LDAP.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'install/updates/40-delegation.update')
-rw-r--r-- | install/updates/40-delegation.update | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update index b54efdbd9..10579b759 100644 --- a/install/updates/40-delegation.update +++ b/install/updates/40-delegation.update @@ -71,6 +71,8 @@ add: member: 'cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX' dn: cn=Revoke Certificate,cn=permissions,cn=pbac,$SUFFIX add: member: 'cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX' +dn: cn=ipa,cn=etc,$SUFFIX +add:aci:'(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,$SUFFIX")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) userdn = "ldap:///fqdn=$FQDN,cn=computers,cn=accounts,$SUFFIX";)' # Automember tasks dn: cn=Automember Task Administrator,cn=privileges,cn=pbac,$SUFFIX |