author | Rob Crittenden <rcritten@redhat.com> | 2012-04-20 11:07:47 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-04-23 10:00:50 +0200 |
commit | 38e7d0645ea39c3a416004b11d5368b8dea21abe (patch) | |
tree | 44d47984a07ec6c93fbde61a62cac3db22f241d1 | |
parent | 0457210e26d7fb2a2ec1a2968d1ab0c31a62be07 (diff) | |
Use mixed-case for Read DNS Entries permission
https://fedorahosted.org/freeipa/ticket/2569
-rw-r--r-- | install/share/dns.ldif | 6 | ||||
-rw-r--r-- | ipaserver/install/plugins/dns.py | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/install/share/dns.ldif b/install/share/dns.ldif
index a8d27788..cd77fe22 100644
--- a/install/share/dns.ldif
+++ b/install/share/dns.ldif
@@ -4,7 +4,7 @@ objectClass: idnsConfigObject
 objectClass: nsContainer
 objectClass: top
 cn: dns
-aci: (targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX") and (groupdn != "ldap:///cn=read dns entries,cn=permissions,cn=pbac,$SUFFIX");)
+aci: (targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX") and (groupdn != "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX");)
 
 dn: $SUFFIX
 changetype: modify
@@ -57,12 +57,12 @@ description: Update DNS entries
 member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
 member: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
 
-dn: cn=read dns entries,cn=permissions,cn=pbac,$SUFFIX
+dn: cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
 objectClass: ipapermission
-cn: read dns entries
+cn: Read DNS Entries
 description: Read DNS entries
 ipapermissiontype: SYSTEM
 member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
index a9846fa8..886f7f05 100644
--- a/ipaserver/install/plugins/dns.py
+++ b/ipaserver/install/plugins/dns.py
@@ -100,13 +100,13 @@ class update_dns_permissions(PostUpdate): 'member:cn=DNS Servers,cn=privileges,cn=pbac,%s' \ % api.env.basedn] - _read_dns_perm_dn = DN('cn=read dns entries', + _read_dns_perm_dn = DN('cn=Read DNS Entries', api.env.container_permission, api.env.basedn) _read_dns_perm_entry = ['objectClass:top', 'objectClass:groupofnames', 'objectClass:ipapermission', - 'cn:read dns entries', + 'cn:Read DNS Entries', 'description:Read DNS entries', 'ipapermissiontype:SYSTEM', 'member:cn=DNS Administrators,cn=privileges,cn=pbac,%s' \ @@ -118,7 +118,7 @@ class update_dns_permissions(PostUpdate): _write_dns_aci_entry = ['add:aci:\'(targetattr = "idnsforwardpolicy || idnsforwarders || idnsallowsyncptr || idnszonerefresh || idnspersistentsearch")(target = "ldap:///cn=dns,%(realm)s")(version 3.0;acl "permission:Write DNS Configuration";allow (write) groupdn = "ldap:///cn=Write DNS Configuration,cn=permissions,cn=pbac,%(realm)s";)\'' % dict(realm=api.env.basedn)] _read_dns_aci_dn = DN(api.env.container_dns, api.env.basedn) - _read_dns_aci_entry = ['add:aci:\'(targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,%(realm)s") and (groupdn != "ldap:///cn=read dns entries,cn=permissions,cn=pbac,%(realm)s");)\'' % dict(realm=api.env.basedn) ] + _read_dns_aci_entry = ['add:aci:\'(targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,%(realm)s") and (groupdn != "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,%(realm)s");)\'' % dict(realm=api.env.basedn) ] def execute(self, **options): ldap = self.obj.backend |
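Review bot: The upgrade path for servers that already carry the lowercase values is not handled in either hunk of this file: `_read_dns_aci_entry` still consists of a single `add:aci:` element, and nothing visible removes the previously written deny ACI that names `cn=read dns entries`. If the directory server compares `aci` values case-sensitively (to be confirmed), an upgraded server would end up with two deny ACIs sharing the name "No access to DNS tree without a permission". They should evaluate the same way since DN matching in `groupdn` is case-insensitive, but duplicates make this access control harder to audit and to retire later. Consider putting a `remove:aci:` element with the old lowercase string ahead of the `add:aci:` element in that list, assuming the updater accepts that directive here. Similarly, in the `@@ -100,13` hunk an existing `cn=read dns entries` entry will probably be found under the new `_read_dns_perm_dn` and left as is, so a comment such as `# case change is cosmetic; existing entries keep their stored RDN` above it would help; the body of `execute` lies outside the hunk, so how the lists are applied is not visible.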