4 files changed, 41 insertions, 0 deletions

diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index 69740dfe1..a4340bb76 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -202,6 +202,16 @@ class group(LDAPObject):
             ],
             'default_privileges': {'Group Administrators'},
         },
+        'System: Read Group Compat Tree': {
+            'non_object': True,
+            'ipapermbindruletype': 'all',
+            'ipapermlocation': api.env.basedn,
+            'ipapermtarget': DN('cn=groups', 'cn=compat', api.env.basedn),
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'objectclass', 'cn', 'memberuid',
+            },
+        },
     }
 
     label = _('User Groups')
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index ee858ad27..5301c1ac0 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -368,6 +368,16 @@ class host(LDAPObject):
             'ipapermdefaultattr': {'userpassword'},
             'default_privileges': {'Host Administrators', 'Host Enrollment'},
         },
+        'System: Read Host Compat Tree': {
+            'non_object': True,
+            'ipapermbindruletype': 'all',
+            'ipapermlocation': api.env.basedn,
+            'ipapermtarget': DN('cn=computers', 'cn=compat', api.env.basedn),
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'objectclass', 'cn', 'macaddress',
+            },
+        },
     }
 
     label = _('Hosts')
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index a7cad1dcb..c71e43091 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -160,6 +160,16 @@ class netgroup(LDAPObject):
             ],
             'default_privileges': {'Netgroups Administrators'},
         },
+        'System: Read Netgroup Compat Tree': {
+            'non_object': True,
+            'ipapermbindruletype': 'all',
+            'ipapermlocation': api.env.basedn,
+            'ipapermtarget': DN('cn=ng', 'cn=compat', api.env.basedn),
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'objectclass', 'cn', 'mambernisnetgroup', 'nisnetgrouptriple',
+            },
+        },
     }
 
     label = _('Netgroups')
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 454d21972..f95b4fd4a 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -424,6 +424,17 @@ class user(LDAPObject):
             ],
             'default_privileges': {'User Administrators'},
         },
+        'System: Read User Compat Tree': {
+            'non_object': True,
+            'ipapermbindruletype': 'anonymous',
+            'ipapermlocation': api.env.basedn,
+            'ipapermtarget': DN('cn=users', 'cn=compat', api.env.basedn),
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'objectclass', 'uid', 'cn', 'gecos', 'gidnumber', 'uidnumber',
+                'homedirectory', 'loginshell',
+            },
+        },
     }
 
     label = _('Users')