diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2007-11-14 10:49:03 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2007-11-14 10:49:03 -0500 |
| commit | 3e715a04cf95de0add2c37d6cd5985c43de47dab (patch) | |
| tree | e8b9120376bdd83285bfb9e86d9d2572742ed7a4 /ipa-server/ipa-install/share | |
| parent | 7502ebe47940e6a5deb03a5f47c10b512cea6d5d (diff) | |
| download | freeipa-3e715a04cf95de0add2c37d6cd5985c43de47dab.tar.gz freeipa-3e715a04cf95de0add2c37d6cd5985c43de47dab.tar.xz freeipa-3e715a04cf95de0add2c37d6cd5985c43de47dab.zip | |
Add an editors group. This is used to generally grant access for users
to edit other users (the Edit link won't appear otherwise). Additional
delegation is need to grant permission to individual attributes.
Update the failed login page to indicate that it is a permission issue.
Don't allow access to policy at all for non-admins.
By default users can only edit themselves.
Diffstat (limited to 'ipa-server/ipa-install/share')
| -rw-r--r-- | ipa-server/ipa-install/share/bootstrap-template.ldif | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ipa-server/ipa-install/share/bootstrap-template.ldif b/ipa-server/ipa-install/share/bootstrap-template.ldif index ca8bdcb6b..8eb42b332 100644 --- a/ipa-server/ipa-install/share/bootstrap-template.ldif +++ b/ipa-server/ipa-install/share/bootstrap-template.ldif @@ -84,4 +84,14 @@ objectClass: top objectClass: groupofuniquenames objectClass: posixGroup gidNumber: 1002 +description: Default group for all users cn: ipausers + +dn: cn=editors,cn=groups,cn=accounts,$SUFFIX +changetype: add +objectClass: top +objectClass: groupofuniquenames +objectClass: posixGroup +gidNumber: 1003 +description: Limited admins who can edit other users +cn: editors |