diff options
author | Simo Sorce <ssorce@redhat.com> | 2011-01-13 15:54:06 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2011-01-14 14:06:56 -0500 |
commit | 5549dca50e17cf8b0eb4880fa832630d26ecc5b9 (patch) | |
tree | f589be5cf67c33f5c2e3aef4e511d8206bd30e40 /install/share | |
parent | cfa23b1c2a421e795095c4b40c21e53d5090dce0 (diff) | |
download | freeipa.git-5549dca50e17cf8b0eb4880fa832630d26ecc5b9.tar.gz freeipa.git-5549dca50e17cf8b0eb4880fa832630d26ecc5b9.tar.xz freeipa.git-5549dca50e17cf8b0eb4880fa832630d26ecc5b9.zip |
Move Virtual Operations container under cn=etc
Fixes: https://fedorahosted.org/freeipa/ticket/759
Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/delegation.ldif | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif index 85b7e736..79b5159d 100644 --- a/install/share/delegation.ldif +++ b/install/share/delegation.ldif @@ -626,14 +626,14 @@ aci: (target = "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,$SUFFIX")(version 3 # Create virtual operations entry. This is used to control access to # operations that don't rely on LDAP directly. -dn: cn=virtual operations,$SUFFIX +dn: cn=virtual operations,cn=etc,$SUFFIX changetype: add objectClass: top objectClass: nsContainer cn: virtual operations # Retrieve Certificate virtual op -dn: cn=retrieve certificate,cn=virtual operations,$SUFFIX +dn: cn=retrieve certificate,cn=virtual operations,cn=etc,$SUFFIX changetype: add objectClass: top objectClass: nsContainer @@ -650,10 +650,10 @@ member: cn=certadmin,cn=privileges,cn=pbac,$SUFFIX dn: $SUFFIX changetype: modify add: aci -aci: (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,$SUFFIX" )(version 3.0 ; acl "Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=retrieve_certs,cn=permissions,cn=pbac,$SUFFIX";) +aci: (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,$SUFFIX" )(version 3.0 ; acl "Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=retrieve_certs,cn=permissions,cn=pbac,$SUFFIX";) # Request Certificate virtual op -dn: cn=request certificate,cn=virtual operations,$SUFFIX +dn: cn=request certificate,cn=virtual operations,cn=etc,$SUFFIX changetype: add objectClass: top objectClass: nsContainer @@ -670,10 +670,10 @@ member: cn=certadmin,cn=privileges,cn=pbac,$SUFFIX dn: $SUFFIX changetype: modify add: aci -aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,$SUFFIX" )(version 3.0 ; acl "Request Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=request_certs,cn=permissions,cn=pbac,$SUFFIX";) +aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,$SUFFIX" )(version 3.0 ; acl "Request Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=request_certs,cn=permissions,cn=pbac,$SUFFIX";) # Request Certificate from different host virtual op -dn: cn=request certificate different host,cn=virtual operations,$SUFFIX +dn: cn=request certificate different host,cn=virtual operations,cn=etc,$SUFFIX changetype: add objectClass: top objectClass: nsContainer @@ -690,10 +690,10 @@ member: cn=certadmin,cn=privileges,cn=pbac,$SUFFIX dn: $SUFFIX changetype: modify add: aci -aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,$SUFFIX" )(version 3.0 ; acl "Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=request_cert_different_host,cn=permissions,cn=pbac,$SUFFIX";) +aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,$SUFFIX" )(version 3.0 ; acl "Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=request_cert_different_host,cn=permissions,cn=pbac,$SUFFIX";) # Certificate Status virtual op -dn: cn=certificate status,cn=virtual operations,$SUFFIX +dn: cn=certificate status,cn=virtual operations,cn=etc,$SUFFIX changetype: add objectClass: top objectClass: nsContainer @@ -710,10 +710,10 @@ member: cn=certadmin,cn=privileges,cn=pbac,$SUFFIX dn: $SUFFIX changetype: modify add: aci -aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,$SUFFIX" )(version 3.0 ; acl "Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=certificate_status,cn=permissions,cn=pbac,$SUFFIX";) +aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,$SUFFIX" )(version 3.0 ; acl "Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=certificate_status,cn=permissions,cn=pbac,$SUFFIX";) # Revoke Certificate virtual op -dn: cn=revoke certificate,cn=virtual operations,$SUFFIX +dn: cn=revoke certificate,cn=virtual operations,cn=etc,$SUFFIX changetype: add objectClass: top objectClass: nsContainer @@ -730,10 +730,10 @@ member: cn=certadmin,cn=privileges,cn=pbac,$SUFFIX dn: $SUFFIX changetype: modify add: aci -aci: (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,$SUFFIX" )(version 3.0 ; acl "Revoke Certificate"; allow (write) groupdn = "ldap:///cn=revoke_certificate,cn=permissions,cn=pbac,$SUFFIX";) +aci: (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,$SUFFIX" )(version 3.0 ; acl "Revoke Certificate"; allow (write) groupdn = "ldap:///cn=revoke_certificate,cn=permissions,cn=pbac,$SUFFIX";) # Certificate Remove Hold virtual op -dn: cn=certificate remove hold,cn=virtual operations,$SUFFIX +dn: cn=certificate remove hold,cn=virtual operations,cn=etc,$SUFFIX changetype: add objectClass: top objectClass: nsContainer @@ -750,4 +750,4 @@ member: cn=certadmin,cn=privileges,cn=pbac,$SUFFIX dn: $SUFFIX changetype: modify add: aci -aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,$SUFFIX" )(version 3.0 ; acl "Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=certificate_remove_hold,cn=permissions,cn=pbac,$SUFFIX";) +aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,$SUFFIX" )(version 3.0 ; acl "Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=certificate_remove_hold,cn=permissions,cn=pbac,$SUFFIX";) |