From 5884fdf0f864d67fe7ee48d29f3c023882bc2891 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 11 Dec 2010 11:02:08 -0500 Subject: Add replication related acis to all replicas Fixes: https://fedorahosted.org/freeipa/ticket/617 --- install/share/Makefile.am | 1 + install/share/delegation.ldif | 12 ------------ install/share/replica-acis.ldif | 11 +++++++++++ ipaserver/install/dsinstance.py | 5 +++++ 4 files changed, 17 insertions(+), 12 deletions(-) create mode 100644 install/share/replica-acis.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index f9cc980d8..b3673180d 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -17,6 +17,7 @@ app_DATA = \ default-keytypes.ldif \ default-pwpolicy.ldif \ delegation.ldif \ + replica-acis.ldif \ ds-nfiles.ldif \ dns.ldif \ kerberos.ldif \ diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif index 69050dfee..1399c7c8c 100644 --- a/install/share/delegation.ldif +++ b/install/share/delegation.ldif 
@@ -592,18 +592,6 @@ changetype: modify add: aci aci: (targetattr = "enrolledby || objectclass")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "Enroll a host";allow (write) groupdn = "ldap:///cn=enroll_host,cn=permissions,cn=accounts,$SUFFIX";) -# Replica administration - -dn: cn="$SUFFIX",cn=mapping tree,cn=config -changetype: modify -add: aci -aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0; acl "Manage Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=managereplica,cn=permissions,cn=accounts,$SUFFIX";) - -dn: cn="$SUFFIX",cn=mapping tree,cn=config -changetype: modify -add: aci -aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "Delete Replication Agreements";allow (delete) groupdn = "ldap:///cn=deletereplica,cn=permissions,cn=accounts,$SUFFIX";) - # Entitlement administration dn: $SUFFIX diff --git a/install/share/replica-acis.ldif b/install/share/replica-acis.ldif new file mode 100644 index 000000000..5ee65dacb --- /dev/null +++ b/install/share/replica-acis.ldif @@ -0,0 +1,11 @@ +# Replica administration + +dn: cn="$SUFFIX",cn=mapping tree,cn=config +changetype: modify +add: aci +aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0; acl "Manage Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=managereplica,cn=permissions,cn=accounts,$SUFFIX";) + +dn: cn="$SUFFIX",cn=mapping tree,cn=config +changetype: modify +add: aci +aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "Delete Replication Agreements";allow (delete) groupdn = "ldap:///cn=deletereplica,cn=permissions,cn=accounts,$SUFFIX";) 
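Review bot: Both ACIs in the new replica-acis.ldif use `targetattr=*`, so the first one gives members of `managereplica` read and write access to every attribute of `nsds5Replica` and replication-agreement entries, which in 389 Directory Server includes `nsDS5ReplicaBindDN`, `nsDS5ReplicaCredentials` and `nsDS5ReplicaHost`. Write access to those attributes controls which bind DN may push replicated updates and which host this server replicates to, so the permission is effectively equivalent to directory administrator and should be documented as such. The ACI text is moved unchanged from delegation.ldif, so this is not new exposure, but it is now installed on every replica. I would add a header comment such as `# cn=config is local to each server, so these ACIs must be applied on every master and replica; managereplica is an admin-equivalent permission.` and consider replacing `*` with the attributes the management tools actually need in a follow-up.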
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 3dbedfb8b..73bc8b0c1 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -245,6 +245,7 @@ class DsInstance(service.Service): self.step("adding default layout", self.__add_default_layout) self.step("adding delegation layout", self.__add_delegation_layout) + self.step("adding replication acis", self.__add_replication_acis) if hbac_allow: self.step("creating default HBAC rule allow_all", self.add_hbac) @@ -278,6 +279,7 @@ class DsInstance(service.Service): self.__common_setup() self.step("Setting up initial replication", self.__setup_replica) + self.step("adding replication acis", self.__add_replication_acis) self.__common_post_setup() @@ -534,6 +536,9 @@ class DsInstance(service.Service): def __add_delegation_layout(self): self._ldap_mod("delegation.ldif", self.sub_dict) + def __add_replication_acis(self): + self._ldap_mod("replica-acis.ldif", self.sub_dict) + def __create_indices(self): self._ldap_mod("indices.ldif") -- cgit
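Review bot: `__add_replication_acis` in the last hunk has no docstring or comment saying why these ACIs are a separate step rather than part of delegation.ldif; I would add `"""Add the replication-management ACIs to this server's cn=config; must run on every master and replica."""`. The patch only covers fresh installs through the two `self.step(...)` calls, so replicas deployed before this change would presumably still lack the ACIs unless an upgrade path outside this diff adds them. Since replica-acis.ldif uses a plain `add: aci`, it is also worth confirming how `_ldap_mod` behaves when the value already exists, which is not visible here. The enclosing class and both install methods start and end outside the hunks.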