diff options
| -rw-r--r-- | install/updates/20-aci.update | 4 | ||||
| -rw-r--r-- | install/updates/Makefile.am | 3 |
2 files changed, 6 insertions, 1 deletions
diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update new file mode 100644 index 000000000..42f1e9fe6 --- /dev/null +++ b/install/updates/20-aci.update @@ -0,0 +1,4 @@ +# Don't allow managed netgroups to be modified +dn: cn=ng,cn=alt,$SUFFIX +add:aci: '(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)' + diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index 26318e144..c3473ace4 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -4,13 +4,14 @@ appdir = $(IPA_DATA_DIR)/updates app_DATA = \ 10-RFC2307bis.update \ 10-RFC4876.update \ + 20-aci.update \ 20-dna.update \ 20-indices.update \ 20-nss_ldap.update \ 20-replication.update \ 20-winsync_index.update \ 40-delegation.update \ - 50-lockout-policy.update \ + 50-lockout-policy.update \ $(NULL) EXTRA_DIST = \ |