diff options
author | Petr Viktorin <pviktori@redhat.com> | 2014-09-05 15:25:29 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@dhcp-31-13.brq.redhat.com> | 2014-09-05 15:40:13 +0200 |
commit | 68d656f80a483a57f5ed80b7ead03a071abb0ef0 (patch) | |
tree | fe6f2979a59b3209503799f1054e6bc8b796eed1 /ipalib/plugins/group.py | |
parent | c50dff22827cefbb0b0838bf7e9b1e3fcf8752c0 (diff) | |
download | freeipa-68d656f80a483a57f5ed80b7ead03a071abb0ef0.tar.gz freeipa-68d656f80a483a57f5ed80b7ead03a071abb0ef0.tar.xz freeipa-68d656f80a483a57f5ed80b7ead03a071abb0ef0.zip |
Fix: Add managed read permissions for compat tree and operational attrs
This is a fix for an earlier version, which was committed by mistake as:
master: 418ce870bfbe13cea694a7b862cafe35c703f660
ipa-4-0: 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17
ipa-4-1: 9bcd88589e30d31d3f533cd42d2f816ef01b07c7
Thanks to Alexander Bokovoy for contributions
https://fedorahosted.org/freeipa/ticket/4521
Diffstat (limited to 'ipalib/plugins/group.py')
-rw-r--r-- | ipalib/plugins/group.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py index a4340bb76..8d2e69f06 100644 --- a/ipalib/plugins/group.py +++ b/ipalib/plugins/group.py @@ -204,12 +204,12 @@ class group(LDAPObject): }, 'System: Read Group Compat Tree': { 'non_object': True, - 'ipapermbindruletype': 'all', + 'ipapermbindruletype': 'anonymous', 'ipapermlocation': api.env.basedn, 'ipapermtarget': DN('cn=groups', 'cn=compat', api.env.basedn), 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': { - 'objectclass', 'cn', 'memberuid', + 'objectclass', 'cn', 'memberuid', 'gidnumber', }, }, } |