Allow IPA master hosts to update CA certificate in LDAP.

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
author: Jan Cholasta <jcholast@redhat.com> 2014-02-18 18:15:49 +0100
committer: Petr Viktorin <pviktori@redhat.com> 2014-07-30 16:04:21 +0200
commit: 73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a (patch)
tree: c628e60618e542bb3c4f0ce748981027f5f900e3 /install
parent: 35857026e6b96f7db6fc1d81167d75251f4baff1 (diff)
download: freeipa-73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a.tar.gz
freeipa-73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a.tar.xz
freeipa-73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update
index b54efdbd9..10579b759 100644
--- a/install/updates/40-delegation.update
+++ b/install/updates/40-delegation.update
@@ -71,6 +71,8 @@ add: member: 'cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX'
 dn: cn=Revoke Certificate,cn=permissions,cn=pbac,$SUFFIX
 add: member: 'cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX'
 
+dn: cn=ipa,cn=etc,$SUFFIX
+add:aci:'(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,$SUFFIX")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) userdn = "ldap:///fqdn=$FQDN,cn=computers,cn=accounts,$SUFFIX";)'
 
 # Automember tasks
 dn: cn=Automember Task Administrator,cn=privileges,cn=pbac,$SUFFIX
author	Jan Cholasta <jcholast@redhat.com>	2014-02-18 18:15:49 +0100
committer	Petr Viktorin <pviktori@redhat.com>	2014-07-30 16:04:21 +0200
commit	73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a (patch)
tree	c628e60618e542bb3c4f0ce748981027f5f900e3 /install
parent	35857026e6b96f7db6fc1d81167d75251f4baff1 (diff)
download	freeipa-73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a.tar.gz freeipa-73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a.tar.xz freeipa-73d8db6d92d2c1b44b6d7f07d28eef13c344aa8a.zip