summaryrefslogtreecommitdiffstats
path: root/ipaserver/install
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-12-01 11:23:52 -0500
committerSimo Sorce <ssorce@redhat.com>2010-12-01 20:42:31 -0500
commit4ad8055341b9f12c833abdf757755ed95f1b375e (patch)
tree1733fffdfe47574f2c5eb723e52f88cd58a7e0a4 /ipaserver/install
parent85d5bfd1b19b0ed6282a8c6cc056e8e550dde79d (diff)
downloadfreeipa-4ad8055341b9f12c833abdf757755ed95f1b375e.tar.gz
freeipa-4ad8055341b9f12c833abdf757755ed95f1b375e.tar.xz
freeipa-4ad8055341b9f12c833abdf757755ed95f1b375e.zip
Re-implement access control using an updated model.
The new model is based on permssions, privileges and roles. Most importantly it corrects the reverse membership that caused problems in the previous implementation. You add permission to privileges and privileges to roles, not the other way around (even though it works that way behind the scenes). A permission object is a combination of a simple group and an aci. The linkage between the aci and the permission is the description of the permission. This shows as the name/description of the aci. ldap:///self and groups granting groups (v1-style) are not supported by this model (it will be provided separately). This makes the aci plugin internal only. ticket 445
Diffstat (limited to 'ipaserver/install')
-rw-r--r--ipaserver/install/bindinstance.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 4e63e7e3e..0f8200874 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -357,7 +357,7 @@ class BindInstance(service.Service):
logging.critical("Could not connect to the Directory Server on %s" % self.fqdn)
raise e
- dns_group = "cn=dnsserver,cn=rolegroups,cn=accounts,%s" % self.suffix
+ dns_group = "cn=dnsserver,cn=privileges,cn=accounts,%s" % self.suffix
if isinstance(dns_principal, unicode):
dns_principal = dns_principal.encode('utf-8')
mod = [(ldap.MOD_ADD, 'member', dns_principal)]