From c2e6b74029e08a4eadb7a14a4c711febfc83b5be Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Tue, 24 Jun 2014 18:24:32 +0200
Subject: trusts: Allow reading system trust accounts by adtrust agents

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 install/updates/60-trusts.update | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'install')

diff --git a/install/updates/60-trusts.update b/install/updates/60-trusts.update
index 371bf656f..d55bc94bb 100644
--- a/install/updates/60-trusts.update
+++ b/install/updates/60-trusts.update
@@ -15,6 +15,14 @@ default: objectClass: GroupOfNames
 default: objectClass: top
 default: cn: adtrust agents
 
+dn: cn=ADTrust Agents,cn=privileges,cn=pbac,$SUFFIX
+default: objectClass: top
+default: objectClass: groupofnames
+default: objectClass: nestedgroup
+default: cn: ADTrust Agents
+default: description: System accounts able to access trust information
+default: member: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX
+
 dn: cn=trusts,$SUFFIX
 default: objectClass: top
 default: objectClass: nsContainer
-- 
cgit