summaryrefslogtreecommitdiffstats
path: root/install
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-06-02 14:00:05 -0400
committerRob Crittenden <rcritten@redhat.com>2010-06-22 13:56:17 -0400
commit8c6c93125f344ca117cc24b2e96c55b1d9ae31bd (patch)
treef9f963bc8efd0f62d6d32ab4832f86d081554800 /install
parentc42684ad5bbac1744b11fde4b5efd244442ed2a8 (diff)
downloadfreeipa-8c6c93125f344ca117cc24b2e96c55b1d9ae31bd.tar.gz
freeipa-8c6c93125f344ca117cc24b2e96c55b1d9ae31bd.tar.xz
freeipa-8c6c93125f344ca117cc24b2e96c55b1d9ae31bd.zip
Add separate role group for enrolling hosts, enrollhost
Diffstat (limited to 'install')
-rw-r--r--install/updates/40-delegation.update8
1 files changed, 8 insertions, 0 deletions
diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update
index 77dca721d..fa8d2af1a 100644
--- a/install/updates/40-delegation.update
+++ b/install/updates/40-delegation.update
@@ -79,6 +79,12 @@ add:cn: replicaadmin
add:description: Replication Administrators
add:member:'uid=admin,cn=users,cn=accounts,$SUFFIX'
+dn: cn=enrollhost,cn=rolegroups,cn=accounts,$SUFFIX
+add:objectClass: top
+add:objectClass: nestedgroup
+add:cn: enrollhost
+add:description: Host Enrollment
+
# Add the taskgroups referenced by the ACIs for user administration
dn: cn=taskgroups,cn=accounts,$SUFFIX
@@ -465,6 +471,7 @@ add:objectClass: nestedgroup
add:cn: manage_host_keytab
add:description: Manage host keytab
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
+add:member:'cn=enrollhost,cn=rolegroups,cn=accounts,$SUFFIX'
# Add the ACI needed to do host keytab admin
dn: $SUFFIX
@@ -482,6 +489,7 @@ add:objectClass: nestedgroup
add:cn: enroll_host
add:description: Enroll a host
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
+add:member:'cn=enrollhost,cn=rolegroups,cn=accounts,$SUFFIX'
# Add the ACI needed to do host enrollment. When this occurs we
# set the krbPrincipalName, add krbPrincipalAux to objectClass and