diff options
author | Simo Sorce <ssorce@redhat.com> | 2007-11-21 16:07:07 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2007-11-21 16:07:07 -0500 |
commit | b456d8424a89b157eb9b1438ed0c3590221cee70 (patch) | |
tree | 6c874b1f4f4582a3b3a3162dac3c7f87ebe9e9e3 /ipa-server/ipa-install | |
parent | 3580d0affb26498011a7a5ff1389cd1b6e534634 (diff) | |
download | freeipa-b456d8424a89b157eb9b1438ed0c3590221cee70.tar.gz freeipa-b456d8424a89b157eb9b1438ed0c3590221cee70.tar.xz freeipa-b456d8424a89b157eb9b1438ed0c3590221cee70.zip |
more s/unique// wrt groups members/objectclasses
Diffstat (limited to 'ipa-server/ipa-install')
-rw-r--r-- | ipa-server/ipa-install/share/bootstrap-template.ldif | 4 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/default-aci.ldif | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/ipa-server/ipa-install/share/bootstrap-template.ldif b/ipa-server/ipa-install/share/bootstrap-template.ldif index c83976cba..dc403b637 100644 --- a/ipa-server/ipa-install/share/bootstrap-template.ldif +++ b/ipa-server/ipa-install/share/bootstrap-template.ldif @@ -143,7 +143,7 @@ cosPriority: 1 dn: cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX objectclass: top -objectclass: groupofuniquenames +objectclass: groupofnames dn: cn="cn=activated,cn=account inactivation,cn=accounts,$SUFFIX", cn=cosTemplates,cn=accounts,$SUFFIX objectClass: top @@ -154,4 +154,4 @@ cosPriority: 0 dn: cn=Activated,cn=Account Inactivation,cn=accounts,$SUFFIX objectclass: top -objectclass: groupofuniquenames +objectclass: groupofnames diff --git a/ipa-server/ipa-install/share/default-aci.ldif b/ipa-server/ipa-install/share/default-aci.ldif index f5988f2e7..4a5befbec 100644 --- a/ipa-server/ipa-install/share/default-aci.ldif +++ b/ipa-server/ipa-install/share/default-aci.ldif @@ -7,7 +7,7 @@ aci: (targetattr=*)(version 3.0; acl "Admin can manage any entry"; allow (all) u aci: (targetattr="krbPrincipalName || krbUPEnabled || krbPrincipalKey || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData")(version 3.0; acl "KDC System Account"; allow (read, search, compare) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";) aci: (targetattr="krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "KDC System Account"; allow (read, search, compare, write) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";) aci: (targetattr="userPassword || krbPrincipalKey ||sambaLMPassword || sambaNTPassword || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange")(version 3.0; acl "Kpasswd access to passowrd hashes for passowrd changes"; allow (read, write) userdn="ldap:///krbprincipalname=kadmin/changepw@$REALM,cn=$REALM,cn=kerberos,$SUFFIX";) -aci: (targetfilter="(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfUniqueNames)(objectClass=posixGroup))")(targetattr="*")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add,delete,read,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) +aci: (targetfilter="(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))")(targetattr="*")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add,delete,read,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) aci: (targetattr = "givenName || sn || cn || displayName || initials || loginShell || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || userPassword")(version 3.0;acl "Self service";allow (write) userdn="ldap:///self";) dn: cn=ipaConfig,cn=etc,$SUFFIX |