diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-02-19 13:29:14 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-03-19 17:17:14 -0400 |
| commit | c19911845d93e4cbbf296caf18568231549a3e60 (patch) | |
| tree | 7215db333db05cefbe712e63f7c99d651afff908 /ipaserver/install/dsinstance.py | |
| parent | 664ae51eb6e76ceb3630687d2ee423f69fb0ba19 (diff) | |
| download | freeipa-c19911845d93e4cbbf296caf18568231549a3e60.tar.gz freeipa-c19911845d93e4cbbf296caf18568231549a3e60.tar.xz freeipa-c19911845d93e4cbbf296caf18568231549a3e60.zip | |
Use GSSAPI auth for the ipa-replica-manage list and del commands.
This creates a new role, replicaadmin, so a non-DM user can do
limited management of replication agreements.
Note that with cn=config if an unauthorized user performs a search
an error is not returned, no entries are returned. This makes it
difficult to determine if there are simply no replication agreements or
we aren't allowed to see them. Once the ipaldap.py module gets
replaced by ldap2 we can use Get Effective Rights to easily tell the
difference.
Diffstat (limited to 'ipaserver/install/dsinstance.py')
| -rw-r--r-- | ipaserver/install/dsinstance.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 9a71b7f56..f535b7ba8 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -148,6 +148,8 @@ class DsInstance(service.Service): self.pkcs12_info = None self.ds_user = None self.dercert = None + self.uidstart = 1100 + self.gidstart = 1100 if realm_name: self.suffix = util.realm_to_suffix(self.realm_name) self.__setup_sub_dict() |