author | Jan Cholasta <jcholast@redhat.com> | 2011-12-07 02:47:29 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-13 22:20:23 -0500 |
commit | 9b6baf9beeb733d77883f4ed32e553265ee15543 (patch) | |
tree | 6a7879c423daf647641bf76f3244e79f36d9a953 /install/share/default-aci.ldif | |
parent | 63ea0a304ec734a64d28e7c9b0f2b172224155d6 (diff) | |
Add LDAP ACIs for SSH public key schema.
https://fedorahosted.org/freeipa/ticket/754
Diffstat (limited to 'install/share/default-aci.ldif')
-rw-r--r-- | install/share/default-aci.ldif | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif
index e02b1c2c..add712d4 100644
--- a/install/share/default-aci.ldif
+++ b/install/share/default-aci.ldif
@@ -16,6 +16,7 @@ dn: $SUFFIX
 changetype: modify
 add: aci
 aci: (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)
+aci: (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)
 
 dn: cn=etc,$SUFFIX
 changetype: modify
@@ -52,6 +53,7 @@ dn: cn=computers,cn=accounts,$SUFFIX
 changetype: modify
 add: aci
 aci: (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";)
+aci: (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)
 
 # Define which hosts can edit other hosts
 # The managedby attribute stores the DN of hosts that are allowed to manage
@@ -60,6 +62,7 @@ dn: cn=computers,cn=accounts,$SUFFIX
 changetype: modify
 add: aci
 aci: (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)
+aci: (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)
 
 dn: cn=computers,cn=accounts,$SUFFIX
 changetype: modify |
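Review bot: The new self-service ACI on `$SUFFIX` carries no `target` or `targetfilter`, so `userdn = "ldap:///self"` applies to every entry that can bind under the suffix, not only the users its ACL name mentions. The neighbouring self-service ACI has the same scope, and the host self-write ACI in the second hunk follows the same pattern under `cn=computers`. If these keys are used to authorize SSH logins, whoever holds an account's password or ticket can add a key that stays valid after the password is reset, so changes to this attribute deserve an audit trail and a step in account-recovery procedures. I would record that above the record with a comment such as `# ipasshpubkey is self-writable: review it when an account is recovered after a compromise.` The record begins outside this hunk, and the page is limited to this one file, so whether existing installations receive these ACIs through an update file cannot be seen here.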
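Review bot: A managing host can now replace the SSH public key published for any host it manages, and the comment above this record does not say so; the third hunk extends the `managedby` delegation to `ipasshpubkey`. If clients take host keys from the directory to verify servers, a compromised manager could make them trust a key of its choosing for the managed host. This mirrors the existing grant for `userCertificate` and `krbPrincipalKey`, so the trust relationship is not new, but it is worth stating where `managedby` is explained. I would add a line to that comment block, which begins outside this hunk, such as `# managedby also grants write access to the managed host's SSH public keys.`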