summaryrefslogtreecommitdiffstats
path: root/install/share/default-aci.ldif
diff options
context:
space:
mode:
Diffstat (limited to 'install/share/default-aci.ldif')
-rw-r--r--install/share/default-aci.ldif10
1 files changed, 10 insertions, 0 deletions
diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif
index 870ac12e9..f3ed39599 100644
--- a/install/share/default-aci.ldif
+++ b/install/share/default-aci.ldif
@@ -86,3 +86,13 @@ changetype: modify
add: aci
aci: (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)
+# Let host add and update CA renewal certificates
+dn: cn=ipa,cn=etc,$SUFFIX
+changetype: modify
+add: aci
+aci: (target="ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,$SUFFIX")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) userdn = "ldap:///fqdn=$FQDN,cn=computers,cn=accounts,$SUFFIX";)
+
+dn: cn=ipa,cn=etc,$SUFFIX
+changetype: modify
+add: aci
+aci: (target="ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,$SUFFIX")(targetattr="userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn = "ldap:///fqdn=$FQDN,cn=computers,cn=accounts,$SUFFIX";)
generated by cgit (git 2.34.1) at 2024-05-30 11:27:19 +0000