authorMartin Kosek <mkosek@redhat.com>2012-05-31 12:39:24 +0200
committerMartin Kosek <mkosek@redhat.com>2012-06-01 07:51:59 +0200
commit6ff5f28142c46bf5f08fef74c261f75e1baa9f66 (patch)
tree68d497483906af2844f2668747fcce360b409306 /install
parent0ca29fac9af4cd437a8536f28ffd25923ec3f8cd (diff)
permission-find missed some results with --pkey-only option
When permission-find post callback detected a --pkey-only option, it just terminated. However, this way the results that could have been added from aci_find matches were not included. Fix the post callback to go through the entire matching process. Also make sure that DNS permissions have a correct objectclass (ipapermission), otherwise such objects are not matched by the permission LDAP search. https://fedorahosted.org/freeipa/ticket/2658
Diffstat (limited to 'install')
-rw-r--r--install/share/dns.ldif4
-rw-r--r--install/updates/40-dns.update6
2 files changed, 10 insertions, 0 deletions
diff --git a/install/share/dns.ldif b/install/share/dns.ldif
index cd77fe22c..81ba21009 100644
--- a/install/share/dns.ldif
+++ b/install/share/dns.ldif
@@ -34,6 +34,7 @@ dn: cn=add dns entries,cn=permissions,cn=pbac,$SUFFIX
changetype: add
objectClass: groupofnames
objectClass: top
+objectClass: ipapermission
cn: add dns entries
description: Add DNS entries
member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
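Review bot: Nothing in this file records why `objectClass: ipapermission` is required, so the next permission entry added here can omit it in the same way; this applies to this hunk and to the three that follow (remove dns entries, update dns entries, Write DNS Configuration). Per the commit description, an entry without the class is not matched by the permission LDAP search, so it can be missing from permission-find output and from any access review that relies on that command. I would add a comment ahead of the permission entries, e.g. `# Permission entries must carry objectClass ipapermission, otherwise permission-find does not match them.` Each entry may continue past the lines shown in its hunk.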
@@ -43,6 +44,7 @@ dn: cn=remove dns entries,cn=permissions,cn=pbac,$SUFFIX
changetype: add
objectClass: groupofnames
objectClass: top
+objectClass: ipapermission
cn: remove dns entries
description: Remove DNS entries
member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
@@ -52,6 +54,7 @@ dn: cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX
changetype: add
objectClass: groupofnames
objectClass: top
+objectClass: ipapermission
cn: update dns entries
description: Update DNS entries
member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
@@ -72,6 +75,7 @@ dn: cn=Write DNS Configuration,cn=permissions,cn=pbac,$SUFFIX
changetype: add
objectClass: groupofnames
objectClass: top
+objectClass: ipapermission
cn: Write DNS Configuration
description: Write DNS Configuration
member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
diff --git a/install/updates/40-dns.update b/install/updates/40-dns.update
index 02af8e467..3dacb248f 100644
--- a/install/updates/40-dns.update
+++ b/install/updates/40-dns.update
@@ -1,17 +1,23 @@
# Add missing member values to attach permissions to their respective
# privileges and run a memberOf task.
dn: cn=add dns entries,cn=permissions,cn=pbac,$SUFFIX
+addifexist:objectclass: ipapermission
addifexist:member: 'cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX'
addifexist:member: 'cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX'
dn: cn=remove dns entries,cn=permissions,cn=pbac,$SUFFIX
+addifexist:objectclass: ipapermission
addifexist:member: 'cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX'
addifexist:member: 'cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX'
dn: cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX
+addifexist:objectclass: ipapermission
addifexist:member: 'cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX'
addifexist:member: 'cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX'
+dn: cn=Write DNS Configuration,cn=permissions,cn=pbac,$SUFFIX
+addifexist:objectclass: ipapermission
+
dn: cn=Update PBAC memberOf $TIME, cn=memberof task, cn=tasks, cn=config
add: objectClass: top
add: objectClass: extensibleObject
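Review bot: The header comment at the top of the file still says the update only adds missing member values and runs a memberOf task, but the new `addifexist:objectclass: ipapermission` lines also change the object class of the four DNS permissions, and the `Write DNS Configuration` entry is touched for that reason alone. I would extend the comment, e.g. `# Also add the ipapermission objectclass so the DNS permissions are matched by permission-find.` As a point of style, the added lines spell the attribute `objectclass` while the task entry below uses `objectClass`; the name is case-insensitive in LDAP, but one spelling per file reads better. The memberOf task entry at the end of the hunk appears to continue outside it.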