trusts: Allow reading system trust accounts by adtrust agents

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
author: Tomas Babej <tbabej@redhat.com> 2014-06-24 18:24:32 +0200
committer: Petr Viktorin <pviktori@redhat.com> 2014-06-25 15:01:52 +0200
commit: c2e6b74029e08a4eadb7a14a4c711febfc83b5be (patch)
tree: 9a5ee7c1638cf5f479bf327d3a9c51f3b13fd2f1 /install/updates/60-trusts.update
parent: 8f9838c7ef825fe102de82adf0e8f3409d562305 (diff)
download: freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.tar.gz
freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.tar.xz
freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/install/updates/60-trusts.update b/install/updates/60-trusts.update
index 371bf656f..d55bc94bb 100644
--- a/install/updates/60-trusts.update
+++ b/install/updates/60-trusts.update
@@ -15,6 +15,14 @@ default: objectClass: GroupOfNames
 default: objectClass: top
 default: cn: adtrust agents
 
+dn: cn=ADTrust Agents,cn=privileges,cn=pbac,$SUFFIX
+default: objectClass: top
+default: objectClass: groupofnames
+default: objectClass: nestedgroup
+default: cn: ADTrust Agents
+default: description: System accounts able to access trust information
+default: member: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX
+
 dn: cn=trusts,$SUFFIX
 default: objectClass: top
 default: objectClass: nsContainer
author	Tomas Babej <tbabej@redhat.com>	2014-06-24 18:24:32 +0200
committer	Petr Viktorin <pviktori@redhat.com>	2014-06-25 15:01:52 +0200
commit	c2e6b74029e08a4eadb7a14a4c711febfc83b5be (patch)
tree	9a5ee7c1638cf5f479bf327d3a9c51f3b13fd2f1 /install/updates/60-trusts.update
parent	8f9838c7ef825fe102de82adf0e8f3409d562305 (diff)
download	freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.tar.gz freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.tar.xz freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.zip