diff options
-rw-r--r-- | freeipa.spec.in | 6 | ||||
-rw-r--r-- | install/updates/20-aci.update | 4 |
2 files changed, 7 insertions, 3 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index ef1c91dea..6311445da 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -38,7 +38,7 @@ Source0: freeipa-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %if ! %{ONLY_CLIENT} -BuildRequires: 389-ds-base-devel >= 1.3.3.9 +BuildRequires: 389-ds-base-devel >= 1.3.4.0 BuildRequires: svrcore-devel BuildRequires: policycoreutils >= 2.1.12-5 BuildRequires: systemd-units @@ -114,7 +114,7 @@ Group: System Environment/Base Requires: %{name}-python = %{version}-%{release} Requires: %{name}-client = %{version}-%{release} Requires: %{name}-admintools = %{version}-%{release} -Requires: 389-ds-base >= 1.3.4.a1 +Requires: 389-ds-base >= 1.3.4.0 Requires: openldap-clients > 2.4.35-4 Requires: nss >= 3.14.3-12.0 Requires: nss-tools >= 3.14.3-12.0 @@ -151,7 +151,7 @@ Requires: zip Requires: policycoreutils >= 2.1.12-5 Requires: tar Requires(pre): certmonger >= 0.76.8 -Requires(pre): 389-ds-base >= 1.3.4.a1 +Requires(pre): 389-ds-base >= 1.3.4.0 Requires: fontawesome-fonts Requires: open-sans-fonts Requires: openssl diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update index 4a8b67c65..0bdeeb6ac 100644 --- a/install/updates/20-aci.update +++ b/install/updates/20-aci.update @@ -83,3 +83,7 @@ add:aci: (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targe # User certificates dn: $SUFFIX add:aci:(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) + +# Hosts can add their own services +dn: cn=services,cn=accounts,$SUFFIX +add:aci: (target = "ldap:///krbprincipalname=*/($$dn)@$REALM,cn=services,cn=accounts,$SUFFIX")(targetfilter = "(objectClass=ipaKrbPrincipal)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($$dn),cn=computers,cn=accounts,$SUFFIX";) |