trusts: Allow reading system trust accounts by adtrust agents

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
author: Tomas Babej <tbabej@redhat.com> 2014-06-24 18:24:32 +0200
committer: Petr Viktorin <pviktori@redhat.com> 2014-06-25 15:01:52 +0200
commit: c2e6b74029e08a4eadb7a14a4c711febfc83b5be (patch)
tree: 9a5ee7c1638cf5f479bf327d3a9c51f3b13fd2f1 /ipalib/plugins/trust.py
parent: 8f9838c7ef825fe102de82adf0e8f3409d562305 (diff)
download: freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.tar.gz
freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.tar.xz
freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 25755d7a4..99acfb8f8 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -330,6 +330,17 @@ class trust(LDAPObject):
                 'ipantsidblacklistincoming', 'ipantsidblacklistoutgoing'
             },
         },
+
+        'System: Read system trust accounts': {
+            'non_object': True,
+            'ipapermlocation': DN(container_dn, api.env.basedn),
+            'replaces_global_anonymous_aci': True,
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'uidnumber', 'gidnumber', 'krbprincipalname'
+            },
+            'default_privileges': {'ADTrust Agents'},
+        },
     }
 
     label = _('Trusts')
author	Tomas Babej <tbabej@redhat.com>	2014-06-24 18:24:32 +0200
committer	Petr Viktorin <pviktori@redhat.com>	2014-06-25 15:01:52 +0200
commit	c2e6b74029e08a4eadb7a14a4c711febfc83b5be (patch)
tree	9a5ee7c1638cf5f479bf327d3a9c51f3b13fd2f1 /ipalib/plugins/trust.py
parent	8f9838c7ef825fe102de82adf0e8f3409d562305 (diff)
download	freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.tar.gz freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.tar.xz freeipa-c2e6b74029e08a4eadb7a14a4c711febfc83b5be.zip