author | Martin Kosek <mkosek@redhat.com> | 2013-06-19 09:48:29 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-06-26 14:11:42 +0200 |
commit | 77ae4da70632e17b6be09e9ad71fc353b3bad96e (patch) | |
tree | 8b335f8590755606a6cae72de1a66590a73832a2 /install/share | |
parent | 76dc2176f9e53fc7da760a516359f7cb2eb62035 (diff) | |
Remove entitlement support
Entitlements code has been neither tested nor supported upstream since
version 3.0. Remove the associated code.
https://fedorahosted.org/freeipa/ticket/3739
Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/bootstrap-template.ldif | 6 | ||||
-rw-r--r-- | install/share/delegation.ldif | 80 |
2 files changed, 0 insertions, 86 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 014f7a55..f603ad5c 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -125,12 +125,6 @@ objectClass: nsContainer
 objectClass: top
 cn: sysaccounts
 
-dn: cn=entitlements,cn=etc,$SUFFIX
-changetype: add
-objectClass: nsContainer
-objectClass: top
-cn: entitlements
-
 dn: cn=ipa,cn=etc,$SUFFIX
 changetype: add
 objectClass: nsContainer
diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif
index 14069586..7fe30308 100644
--- a/install/share/delegation.ldif
+++ b/install/share/delegation.ldif
@@ -37,23 +37,6 @@ objectClass: nestedgroup
 cn: helpdesk
 description: Helpdesk
 
-dn: cn=Entitlement Management,cn=roles,cn=accounts,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: nestedgroup
-cn: Entitlement Management
-description: Entitlements administrator
-
-dn: cn=Entitlement Compliance,cn=roles,cn=accounts,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: nestedgroup
-cn: Entitlement Compliance
-description: Verify entitlement compliance
-member: fqdn=$FQDN,cn=computers,cn=accounts,$SUFFIX
-
 ############################################
 # Add the default privileges
 ############################################
@@ -146,26 +129,6 @@ objectClass: nestedgroup
 cn: Host Enrollment
 description: Host Enrollment
 
-dn: cn=Register and Write Entitlements,cn=privileges,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: nestedgroup
-cn: Register and Write Entitlements
-description: Register and Write Entitlements
-member: cn=Entitlement Management,cn=roles,cn=accounts,$SUFFIX
-
-dn: cn=Read Entitlements,cn=privileges,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: nestedgroup
-cn: Read Entitlements
-description: Read Entitlements
-member: cn=Entitlement Management,cn=roles,cn=accounts,$SUFFIX
-member: cn=Entitlement Compliance,cn=roles,cn=accounts,$SUFFIX
-
-
 ############################################
 # Default permissions.
 ############################################
@@ -554,32 +517,6 @@ cn: Modify DNA Range
 ipapermissiontype: SYSTEM
 member: cn=Replication Administrators,cn=privileges,cn=pbac,$SUFFIX
 
-# Entitlement management
-
-dn: cn=Register Entitlements,cn=permissions,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: ipapermission
-cn: Register Entitlements
-member: cn=Register and Write Entitlements,cn=privileges,cn=pbac,$SUFFIX
-
-dn: cn=Read Entitlements,cn=permissions,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: ipapermission
-cn: Read Entitlements
-member: cn=Read Entitlements,cn=privileges,cn=pbac,$SUFFIX
-
-dn: cn=Write Entitlements,cn=permissions,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: ipapermission
-cn: Write Entitlements
-member: cn=Register and Write Entitlements,cn=privileges,cn=pbac,$SUFFIX
-
 ############################################
 # Default permissions (ACIs)
 ############################################
@@ -701,23 +638,6 @@ changetype: modify
 add: aci
 aci: (targetattr = "objectclass")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Enroll a host";allow (write) groupdn = "ldap:///cn=Enroll a host,cn=permissions,cn=pbac,$SUFFIX";)
 
-# Entitlement administration
-
-dn: $SUFFIX
-changetype: modify
-add: aci
-aci: (target = "ldap:///ipaentitlementid=*,cn=entitlements,cn=etc,$SUFFIX")(version 3.0;acl "permission:Register Entitlements";allow (add) groupdn = "ldap:///cn=Register Entitlements,cn=permissions,cn=pbac,$SUFFIX";)
-
-dn: $SUFFIX
-changetype: modify
-add: aci
-aci: (targetattr = "usercertificate")(target = "ldap:///ipaentitlement=*,cn=entitlements,cn=etc,$SUFFIX")(version 3.0;acl "permission:Write Entitlements";allow (write) groupdn = "ldap:///cn=Write Entitlements,cn=permissions,cn=pbac,$SUFFIX";)
-
-dn: $SUFFIX
-changetype: modify
-add: aci
-aci: (targetattr = "userpkcs12")(target = "ldap:///ipaentitlementid=*,cn=entitlements,cn=etc,$SUFFIX")(version 3.0;acl "permission:Read Entitlements";allow (read) groupdn = "ldap:///cn=Read Entitlements,cn=permissions,cn=pbac,$SUFFIX";)
-
 # Create virtual operations entry. This is used to control access to
 # operations that don't rely on LDAP directly.
 dn: cn=virtual operations,cn=etc,$SUFFIX |