| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This also drops description from permissions since it seems redundant and
fixes up the help text a little.
ticket 792
|
|
|
|
| |
ticket 638
|
|
|
|
|
|
|
|
|
|
| |
The change_password permission was too broad, limit it to users.
The DNS access controls rolled everything into a single ACI. I broke
it out into separate ACIs for add, delete and add. I also added a new
dns type for the permission plugin.
ticket 628
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new model is based on permssions, privileges and roles.
Most importantly it corrects the reverse membership that caused problems
in the previous implementation. You add permission to privileges and
privileges to roles, not the other way around (even though it works that
way behind the scenes).
A permission object is a combination of a simple group and an aci.
The linkage between the aci and the permission is the description of
the permission. This shows as the name/description of the aci.
ldap:///self and groups granting groups (v1-style) are not supported by
this model (it will be provided separately).
This makes the aci plugin internal only.
ticket 445
|
|
|
|
| |
Fixes #528943
|
|
|
|
| |
Also, small cosmetic change in dns.ldif.
|
|
|
|
|
|
| |
The newest 389 server implements syntax checking and causes problems if
the boolean attribute is set to "True". The correct value should be
"TRUE".
|
|
|
|
|
|
|
|
| |
Also moves delagation layout installation in dsinstance.
This is needed to allow us to set default membership in
other modules like bindinstance.
Signed-off-by: Martin Nagy <mnagy@redhat.com>
|
|
|