author | Simo Sorce <ssorce@redhat.com> | 2008-02-28 13:35:10 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2008-02-28 13:35:10 -0500 |
commit | d7ad62cd7e1d861270e8fd0ff8a2dd7ddba90127 (patch) | |
tree | 561f4707e7da63317879cbe2ccec74cce1db66b9 /ipa-server/ipa-install | |
parent | 2c559fce85df777fbe26eca163cb4ae93e12c448 (diff) | |
Make sure all entries are generated by us according to IPA
default tree. This patch makes sure that the DS setup script
does not add unwanted entries.
Diffstat (limited to 'ipa-server/ipa-install')
-rw-r--r-- | ipa-server/ipa-install/share/bootstrap-template.ldif | 8 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/default-aci.ldif | 2 |
2 files changed, 1 insertions, 9 deletions
diff --git a/ipa-server/ipa-install/share/bootstrap-template.ldif b/ipa-server/ipa-install/share/bootstrap-template.ldif
index 0a969de38..014f9d61d 100644
--- a/ipa-server/ipa-install/share/bootstrap-template.ldif
+++ b/ipa-server/ipa-install/share/bootstrap-template.ldif
@@ -1,11 +1,3 @@
-dn: $SUFFIX
-changetype: modify
-add: objectClass
-objectClass: pilotObject
--
-add: info
-info: IPA V1.0
-
 dn: cn=accounts,$SUFFIX
 changetype: add
 objectClass: top
diff --git a/ipa-server/ipa-install/share/default-aci.ldif b/ipa-server/ipa-install/share/default-aci.ldif
index d7b5d300b..a452b50d2 100644
--- a/ipa-server/ipa-install/share/default-aci.ldif
+++ b/ipa-server/ipa-install/share/default-aci.ldif
@@ -2,7 +2,7 @@
 # FIXME: We need to allow truly anonymous access only to NIS data for older clients. We need to allow broad access to most attributes only to authenticated users
 dn: $SUFFIX
 changetype: modify
-replace: aci
+add: aci
 aci: (targetattr = "krbMKey")(version 3.0; acl "Only the kerberos account can access this one"; deny (read, search, compare, write) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
 aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Enable Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";)
 aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admin can manage any entry"; allow (all) userdn = "ldap:///uid=admin,cn=sysaccounts,cn=etc,$SUFFIX";) |
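Review bot: Switching `replace: aci` to `add: aci` in default-aci.ldif means any ACI already present on `$SUFFIX` stays in force, so the effective policy becomes the union of whatever existed before and the rules listed here. If the suffix entry can carry pre-existing allow rules (not visible from this hunk), they could grant access that the `targetattr !=` exclusions for `userPassword`, `krbPrincipalKey` and the Samba password attributes are meant to withhold. I would state the assumption in the file, e.g. `# add, not replace: assumes $SUFFIX carries no ACIs before this runs; anything already there remains effective`, and have the installer confirm it before applying. An `add` of a value that already exists is also rejected by the server, so re-applying this file to a populated suffix would likely fail where `replace` succeeded. The modify record may continue past the last line of the hunk.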