author | Petr Viktorin <pviktori@redhat.com> | 2014-06-10 12:31:29 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-06-11 13:21:30 +0200 |
commit | b6258d08d6c5605b32151654c6259f7c77f1a32b (patch) | |
tree | 7498bba33fa7f720e86ceec7203333da88a27719 /ipalib/plugins/selinuxusermap.py | |
parent | 2f3cdba54620989afba0ce1b423cddb56b841ab3 (diff) | |
Make sure member* attrs are always granted together in read permissions
Memberofindirect processing of an entry doesn't work if the user doesn't
have rights to any one of these attributes:
- member
- memberuser
- memberhost
Add all of these to any read permission that specifies any of them.
Add a check to makeaci that will enforce this for any future permissions.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipalib/plugins/selinuxusermap.py')
-rw-r--r-- | ipalib/plugins/selinuxusermap.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/plugins/selinuxusermap.py b/ipalib/plugins/selinuxusermap.py index 7efabaaa6..d84503996 100644 --- a/ipalib/plugins/selinuxusermap.py +++ b/ipalib/plugins/selinuxusermap.py @@ -160,7 +160,7 @@ class selinuxusermap(LDAPObject): 'accesstime', 'cn', 'description', 'hostcategory', 'ipaenabledflag', 'ipaselinuxuser', 'ipauniqueid', 'memberhost', 'memberuser', 'seealso', 'usercategory', - 'objectclass', + 'objectclass', 'member', }, }, } |
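Review bot: The `'member'` added on the `'objectclass', 'member',` line carries no comment explaining why it is there, and the rest of this attribute set only names `memberuser` and `memberhost`, so a later cleanup could drop it as unused. The commit message gives the reason: memberofindirect processing fails unless member, memberuser and memberhost are all readable. A comment above the set would record that, for example `# member, memberuser and memberhost must be granted together (memberofindirect processing)`. The makeaci check mentioned in the commit message is not part of this file's diff, so it is worth confirming that it covers this permission. The enclosing permission definition starts and ends outside the hunk.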