Add managed read permissions for compat tree

https://fedorahosted.org/freeipa/ticket/4521 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
author: Petr Viktorin <pviktori@redhat.com> 2014-09-03 10:54:50 +0200
committer: Petr Viktorin <pviktori@dhcp-31-13.brq.redhat.com> 2014-09-05 13:50:29 +0200
commit: 418ce870bfbe13cea694a7b862cafe35c703f660 (patch)
tree: 0143860023172f1d9c5a45127bc80a3d2f347e73 /ipalib/plugins/user.py
parent: 4484d4d58b479f36dfadbe16fa3fdba901b52c58 (diff)
download: freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.tar.gz
freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.tar.xz
freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 454d21972..f95b4fd4a 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -424,6 +424,17 @@ class user(LDAPObject):
             ],
             'default_privileges': {'User Administrators'},
         },
+        'System: Read User Compat Tree': {
+            'non_object': True,
+            'ipapermbindruletype': 'anonymous',
+            'ipapermlocation': api.env.basedn,
+            'ipapermtarget': DN('cn=users', 'cn=compat', api.env.basedn),
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'objectclass', 'uid', 'cn', 'gecos', 'gidnumber', 'uidnumber',
+                'homedirectory', 'loginshell',
+            },
+        },
     }
 
     label = _('Users')
author	Petr Viktorin <pviktori@redhat.com>	2014-09-03 10:54:50 +0200
committer	Petr Viktorin <pviktori@dhcp-31-13.brq.redhat.com>	2014-09-05 13:50:29 +0200
commit	418ce870bfbe13cea694a7b862cafe35c703f660 (patch)
tree	0143860023172f1d9c5a45127bc80a3d2f347e73 /ipalib/plugins/user.py
parent	4484d4d58b479f36dfadbe16fa3fdba901b52c58 (diff)
download	freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.tar.gz freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.tar.xz freeipa-418ce870bfbe13cea694a7b862cafe35c703f660.zip