Make sure member* attrs are always granted together in read permissions

Memberofindirect processing of an entry doesn't work if the user doesn't have rights to any one of these attributes: - member - memberuser - memberhost Add all of these to any read permission that specifies any of them. Add a check to makeaci that will enforce this for any future permissions. Reviewed-By: Martin Kosek <mkosek@redhat.com>
author: Petr Viktorin <pviktori@redhat.com> 2014-06-10 12:31:29 +0200
committer: Petr Viktorin <pviktori@redhat.com> 2014-06-11 13:21:30 +0200
commit: b6258d08d6c5605b32151654c6259f7c77f1a32b (patch)
tree: 7498bba33fa7f720e86ceec7203333da88a27719 /ipalib/plugins/group.py
parent: 2f3cdba54620989afba0ce1b423cddb56b841ab3 (diff)
download: freeipa-b6258d08d6c5605b32151654c6259f7c77f1a32b.tar.gz
freeipa-b6258d08d6c5605b32151654c6259f7c77f1a32b.tar.xz
freeipa-b6258d08d6c5605b32151654c6259f7c77f1a32b.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index 0de577dd0..581ee70b6 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -157,7 +157,7 @@ class group(LDAPObject):
             'ipapermbindruletype': 'all',
             'ipapermright': {'read', 'search', 'compare'},
             'ipapermdefaultattr': {
-                'member', 'memberof', 'memberuid',
+                'member', 'memberof', 'memberuid', 'memberuser', 'memberhost',
             },
         },
     }
author	Petr Viktorin <pviktori@redhat.com>	2014-06-10 12:31:29 +0200
committer	Petr Viktorin <pviktori@redhat.com>	2014-06-11 13:21:30 +0200
commit	b6258d08d6c5605b32151654c6259f7c77f1a32b (patch)
tree	7498bba33fa7f720e86ceec7203333da88a27719 /ipalib/plugins/group.py
parent	2f3cdba54620989afba0ce1b423cddb56b841ab3 (diff)
download	freeipa-b6258d08d6c5605b32151654c6259f7c77f1a32b.tar.gz freeipa-b6258d08d6c5605b32151654c6259f7c77f1a32b.tar.xz freeipa-b6258d08d6c5605b32151654c6259f7c77f1a32b.zip