authorFraser Tweedale <ftweedal@redhat.com>2015-05-18 22:11:52 -0400
committerJan Cholasta <jcholast@redhat.com>2015-06-04 08:27:33 +0000
commit979947f7f21749b45176c39f66060564e19466e3 (patch)
tree0f618b93d2e0c8a0a3d09877556408b7821614a1 /install
parent4cf2bfcaa62e9220fdeee952bf719452884507cd (diff)
Add usercertificate attribute to user plugin
Part of: https://fedorahosted.org/freeipa/tickets/4938 Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'install')
-rw-r--r--install/share/default-aci.ldif1
-rw-r--r--install/updates/20-aci.update4
2 files changed, 5 insertions, 0 deletions
diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif
index af7eedb0b..7b174e774 100644
--- a/install/share/default-aci.ldif
+++ b/install/share/default-aci.ldif
@@ -10,6 +10,7 @@ changetype: modify
add: aci
aci: (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)
aci: (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)
+aci: (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)
dn: cn=etc,$SUFFIX
changetype: modify
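Review bot: The ACI added on the `+aci:` line is named for users but has no `target` or `targetfilter`, so `userdn = "ldap:///self"` appears to let any entry that can bind as itself write its own `usercertificate`, presumably including host and service entries. It follows the shape of the `ipasshpubkey` rule above it, but if only user accounts are meant, a scope such as `(targetfilter = "(objectclass=posixaccount)")` ahead of `(targetattr = "usercertificate")` would make the rule match its name. The same applies to the copy added in install/updates/20-aci.update. Because the value is self-written, the directory vouches for nothing about it: anything that consumes `usercertificate` has to validate issuer, validity and revocation itself. Where certificates are used for authentication, an added value persists across a password reset, so modifications to this attribute are worth auditing.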
diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update
index fde3afeee..4a8b67c65 100644
--- a/install/updates/20-aci.update
+++ b/install/updates/20-aci.update
@@ -79,3 +79,7 @@ add:aci: (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Group
add:aci: (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)
add:aci: (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
add:aci: (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)
+
+# User certificates
+dn: $SUFFIX
+add:aci:(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)
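Review bot: The new `add:aci:(targetattr` line has no space after `add:aci:`, unlike the three `add:aci: (` lines above it in this hunk; writing it as `add:aci: (targetattr = "usercertificate")…` would keep the file uniform. The `# User certificates` comment could also say that this entry repeats the rule from install/share/default-aci.ldif, presumably so that upgraded servers receive it, and that the two strings must stay identical. For example: `# User certificates: self-service write; keep in sync with install/share/default-aci.ldif`.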