Diffstat (limited to 'install/updates/20-aci.update')
-rw-r--r-- | install/updates/20-aci.update | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update
index 42f1e9fe6..41d35da35 100644
--- a/install/updates/20-aci.update
+++ b/install/updates/20-aci.update
@@ -2,3 +2,7 @@ dn: cn=ng,cn=alt,$SUFFIX
 add:aci: '(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)'
+# This is used for the host/service one-time passwordn and keytab indirectors.
+# We can do a query on a DN to see if an attribute exists.
+dn: cn=accounts,$SUFFIX
+add:aci: (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) |
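Review bot: The added ACI on `cn=accounts,$SUFFIX` grants search on `userPassword` and `krbPrincipalKey` to every bound identity (`ldap:///all`) across the whole accounts subtree, although the comment says it is only needed for host and service entries. As far as I can tell the search right is not limited to presence filters, so other filter types on these two attributes would also be evaluated for any entry under that DN, user accounts included; that is broader than the "does the attribute exist" check the comment describes. Consider narrowing the target, for example with a `targetfilter` that matches only the host and service object classes (`(targetfilter = "(objectClass=<HOST_OR_SERVICE_CLASS>)")`, placeholder value), or by attaching the ACI to the host and service containers rather than their common parent. The comment should also say that only presence checks are intended, and `passwordn` is a typo.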