diff options
Diffstat (limited to 'install/share/default-aci.ldif')
-rw-r--r-- | install/share/default-aci.ldif | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif index 870ac12e9..f3ed39599 100644 --- a/install/share/default-aci.ldif +++ b/install/share/default-aci.ldif @@ -86,3 +86,13 @@ changetype: modify add: aci aci: (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) +# Let host add and update CA renewal certificates +dn: cn=ipa,cn=etc,$SUFFIX +changetype: modify +add: aci +aci: (target="ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,$SUFFIX")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) userdn = "ldap:///fqdn=$FQDN,cn=computers,cn=accounts,$SUFFIX";) + +dn: cn=ipa,cn=etc,$SUFFIX +changetype: modify +add: aci +aci: (target="ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,$SUFFIX")(targetattr="userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn = "ldap:///fqdn=$FQDN,cn=computers,cn=accounts,$SUFFIX";) |