diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-09-12 09:34:35 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-09-16 17:59:12 -0400 |
commit | d8ba7d9145bda85aac3cf4810d36927f2325e267 (patch) | |
tree | 787c35d086fbf56fa465291aefce2f62eb65bdbe /install/updates | |
parent | edf81385688a04bb138905d4322e29b3963a4a11 (diff) | |
download | freeipa-d8ba7d9145bda85aac3cf4810d36927f2325e267.tar.gz freeipa-d8ba7d9145bda85aac3cf4810d36927f2325e267.tar.xz freeipa-d8ba7d9145bda85aac3cf4810d36927f2325e267.zip |
Amend memberAllowCmd and memberDenyCmd attribute types
Attribute types of attributes designed to hold DN values are not
supposed to hold own ORDERING or SUBSTR matching rules (which were
even not correct in this case).
Update these attributes to only define an EQUALITY rule just like
other DN attribute types in IPA.
https://fedorahosted.org/freeipa/ticket/2866
Diffstat (limited to 'install/updates')
-rw-r--r-- | install/updates/10-60basev3.update | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/install/updates/10-60basev3.update b/install/updates/10-60basev3.update index dbd68581e..0a3481503 100644 --- a/install/updates/10-60basev3.update +++ b/install/updates/10-60basev3.update @@ -8,3 +8,5 @@ add:attributeTypes: (2.16.840.1.113730.3.8.11.32 NAME 'ipaKrbPrincipalAlias' DES add:attributeTypes: (2.16.840.1.113730.3.8.11.37 NAME 'ipaKrbAuthzData' DESC 'type of PAC preferred by a service' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3') add:objectClasses: (2.16.840.1.113730.3.8.12.8 NAME 'ipaKrbPrincipal' SUP krbPrincipalAux AUXILIARY MUST ( krbPrincipalName $$ ipaKrbPrincipalAlias ) X-ORIGIN 'IPA v3' ) replace:objectClasses: ( 2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf $$ managedBy ) X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf $$ managedBy $$ ipaKrbAuthzData) X-ORIGIN 'IPA v2' ) +replace:attributeTypes:( 2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'Reference to a command or group of commands that are allowed by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'Reference to a command or group of commands that are allowed by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) +replace:attributeTypes:( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Reference to a command or group of commands that are denied by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Reference to a command or group of commands that are denied by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) |