Add managed read permissions for compat tree

https://fedorahosted.org/freeipa/ticket/4521 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
author: Petr Viktorin <pviktori@redhat.com> 2014-09-03 10:54:50 +0200
committer: Petr Viktorin <pviktori@dhcp-31-13.brq.redhat.com> 2014-09-05 13:50:29 +0200
commit: 418ce870bfbe13cea694a7b862cafe35c703f660 (patch)
tree: 0143860023172f1d9c5a45127bc80a3d2f347e73 /ipalib/plugins/group.py
parent: 4484d4d58b479f36dfadbe16fa3fdba901b52c58 (diff)
download: freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.tar.gz
freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.tar.xz
freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index 69740dfe1..a4340bb76 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -202,6 +202,16 @@ class group(LDAPObject):
             ],
             'default_privileges': {'Group Administrators'},
         },
+        'System: Read Group Compat Tree': {
+            'non_object': True,
+            'ipapermbindruletype': 'all',
+            'ipapermlocation': api.env.basedn,
+            'ipapermtarget': DN('cn=groups', 'cn=compat', api.env.basedn),
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'objectclass', 'cn', 'memberuid',
+            },
+        },
     }
 
     label = _('User Groups')
author	Petr Viktorin <pviktori@redhat.com>	2014-09-03 10:54:50 +0200
committer	Petr Viktorin <pviktori@dhcp-31-13.brq.redhat.com>	2014-09-05 13:50:29 +0200
commit	418ce870bfbe13cea694a7b862cafe35c703f660 (patch)
tree	0143860023172f1d9c5a45127bc80a3d2f347e73 /ipalib/plugins/group.py
parent	4484d4d58b479f36dfadbe16fa3fdba901b52c58 (diff)
download	freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.tar.gz freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.tar.xz freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.zip