diff options
author | François Cami <fcami@redhat.com> | 2018-11-21 00:01:02 +0100 |
---|---|---|
committer | Christian Heimes <cheimes@redhat.com> | 2018-11-21 15:41:00 +0100 |
commit | dd0490e1d8f2021b3fad8f283a73bd7e63e2178c (patch) | |
tree | 5b818390daf7c776dcfb7860ed8e5b105b7685fb | |
parent | a709da674833a0c44cdca0c3431313a44bacb9dd (diff) | |
download | freeipa-review.tar.gz freeipa-review.tar.xz freeipa-review.zip |
Add a "Find enabled services" ACI in 20-aci.update so that all users can find IPA servers and services. ACI suggested by Christian Heimes.review
Fixes: https://pagure.io/freeipa/issue/7691
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
-rw-r--r-- | install/updates/20-aci.update | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update index 184749d78..7650cb481 100644 --- a/install/updates/20-aci.update +++ b/install/updates/20-aci.update @@ -36,6 +36,10 @@ remove:aci:(targetfilter="(objectclass=nsContainer)")(version 3.0; acl "Deny rea dn: cn=masters,cn=ipa,cn=etc,$SUFFIX add:aci:(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) +# Allow users to discover enabled services +dn: cn=masters,cn=ipa,cn=etc,$SUFFIX +add:aci:(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";) + # Allow hosts to read masters service configuration dn: cn=masters,cn=ipa,cn=etc,$SUFFIX add:aci:(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX";) |