summaryrefslogtreecommitdiffstats
path: root/ipa-server/ipa-install
diff options
context:
space:
mode:
Diffstat (limited to 'ipa-server/ipa-install')
-rw-r--r--ipa-server/ipa-install/share/bootstrap-template.ldif8
-rw-r--r--ipa-server/ipa-install/share/default-aci.ldif2
2 files changed, 1 insertions, 9 deletions
diff --git a/ipa-server/ipa-install/share/bootstrap-template.ldif b/ipa-server/ipa-install/share/bootstrap-template.ldif
index 0a969de38..014f9d61d 100644
--- a/ipa-server/ipa-install/share/bootstrap-template.ldif
+++ b/ipa-server/ipa-install/share/bootstrap-template.ldif
@@ -1,11 +1,3 @@
-dn: $SUFFIX
-changetype: modify
-add: objectClass
-objectClass: pilotObject
--
-add: info
-info: IPA V1.0
-
dn: cn=accounts,$SUFFIX
changetype: add
objectClass: top
diff --git a/ipa-server/ipa-install/share/default-aci.ldif b/ipa-server/ipa-install/share/default-aci.ldif
index d7b5d300b..a452b50d2 100644
--- a/ipa-server/ipa-install/share/default-aci.ldif
+++ b/ipa-server/ipa-install/share/default-aci.ldif
@@ -2,7 +2,7 @@
# FIXME: We need to allow truly anonymous access only to NIS data for older clients. We need to allow broad access to most attributes only to authenticated users
dn: $SUFFIX
changetype: modify
-replace: aci
+add: aci
aci: (targetattr = "krbMKey")(version 3.0; acl "Only the kerberos account can access this one"; deny (read, search, compare, write) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Enable Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admin can manage any entry"; allow (all) userdn = "ldap:///uid=admin,cn=sysaccounts,cn=etc,$SUFFIX";)
generated by cgit (git 2.34.1) at 2024-07-02 11:20:33 +0000