author: François Cami <fcami@redhat.com> 2018-11-21 00:01:02 +0100
committer: Christian Heimes <cheimes@redhat.com> 2018-11-21 15:41:00 +0100
commit: dd0490e1d8f2021b3fad8f283a73bd7e63e2178c
tree: 5b818390daf7c776dcfb7860ed8e5b105b7685fb
parent: a709da674833a0c44cdca0c3431313a44bacb9dd
Add a "Find enabled services" ACI in 20-aci.update so that all users can find IPA servers and services. ACI suggested by Christian Heimes.

Fixes: https://pagure.io/freeipa/issue/7691
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>

-rw-r--r-- install/updates/20-aci.update 4
1 files changed, 4 insertions, 0 deletions

diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update
index 184749d78..7650cb481 100644
--- a/install/updates/20-aci.update
+++ b/install/updates/20-aci.update
@@ -36,6 +36,10 @@ remove:aci:(targetfilter="(objectclass=nsContainer)")(version 3.0; acl "Deny rea
dn: cn=masters,cn=ipa,cn=etc,$SUFFIX
add:aci:(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)
+# Allow users to discover enabled services
+dn: cn=masters,cn=ipa,cn=etc,$SUFFIX
+add:aci:(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)
+
# Allow hosts to read masters service configuration
dn: cn=masters,cn=ipa,cn=etc,$SUFFIX
add:aci:(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX";)
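
Review bot: The added "Find enabled services" line spells the attribute keyword `targetattrs`, while both neighbouring ACIs on the same `cn=masters,cn=ipa,cn=etc,$SUFFIX` entry use `targetattr`. The ACI keyword is `targetattr`, so please change it to `(targetattr = "ipaConfigString")` rather than relying on how the server handles an unrecognised keyword. Two smaller points on the same line: `userdn = "ldap:///all"` matches authenticated binds only, so "all users" in the commit message means all bound users, not anonymous ones; and the target filter selects whole entries, so every `ipaConfigString` value on an entry carrying `enabledService` becomes readable, not only that value. A one-line comment above the rule stating both would make the intended exposure explicit.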