From 418ce870bfbe13cea694a7b862cafe35c703f660 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Wed, 3 Sep 2014 10:54:50 +0200
Subject: Add managed read permissions for compat tree

https://fedorahosted.org/freeipa/ticket/4521

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 ipalib/plugins/group.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'ipalib/plugins/group.py')

diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index 69740dfe1..a4340bb76 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -202,6 +202,16 @@ class group(LDAPObject):
             ],
             'default_privileges': {'Group Administrators'},
         },
+        'System: Read Group Compat Tree': {
+            'non_object': True,
+            'ipapermbindruletype': 'all',
+            'ipapermlocation': api.env.basedn,
+            'ipapermtarget': DN('cn=groups', 'cn=compat', api.env.basedn),
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'objectclass', 'cn', 'memberuid',
+            },
+        },
     }
 
     label = _('User Groups')
-- 
cgit