author | Simo Sorce <ssorce@redhat.com> | 2007-12-12 16:42:19 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2007-12-12 16:42:19 -0500 |
commit | c39d6d3be878e82fdb4bb4bd6a09aaed1d5fad12 (patch) | |
tree | bc86e31d5999beb03927c1d2a52ebb516d242865 /ipa-server | |
parent | cecbca1a84579c6aaf20ab7979aee1ae483f32c6 (diff) | |
Merge in Rob aci patch (resolve conflict)
Diffstat (limited to 'ipa-server')
-rw-r--r-- | ipa-server/ipa-install/share/default-aci.ldif | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipa-server/ipa-install/share/default-aci.ldif b/ipa-server/ipa-install/share/default-aci.ldif
index ae8801ac..5715259a 100644
--- a/ipa-server/ipa-install/share/default-aci.ldif
+++ b/ipa-server/ipa-install/share/default-aci.ldif
@@ -12,7 +12,7 @@ aci: (targetattr = "krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailed aci: (targetattr = "krbPrincipalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "Only the KDC System Account has access to kerberos material"; allow (read, search, compare) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";) aci: (targetfilter = "(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))")(targetattr != "aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add, delete, read, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) aci: (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) -aci: (targetattr = "givenName || sn || cn || displayName || initials || loginShell || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso")(version 3.0;acl "Self service";allow (write) userdn = "ldap:///self";) +aci: (targetattr = "givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || 
labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou")(version 3.0;acl "Self service";allow (write) userdn = "ldap:///self";) dn: cn=ipaConfig,cn=etc,$SUFFIX changetype: modify |
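Review bot: The widened `targetattr` list on the "Self service" ACI lets any bound user rewrite `title`, `employeeType`, `businessCategory`, `ou` and `secretary` on their own entry, and organizational attributes like these are commonly used by applications and LDAP filters to derive roles or department-based access. If any consumer of this directory makes authorization decisions from them, self-write turns them into user-controlled input. I would leave `employeeType || businessCategory || ou` out of the self-service list so they stay admin-managed under the "Account Admins" ACI, or at minimum put the constraint next to the rule, e.g. `# Attributes in the Self service ACI are user-editable: never use them in authorization filters or group-membership rules.` The newly added `gecos` is read by NSS clients as the passwd comment field, so it is worth confirming that its value syntax is enforced by the server and not only by the UI.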