summaryrefslogtreecommitdiffstats
path: root/install/share
diff options
context:
space:
mode:
Diffstat (limited to 'install/share')
-rw-r--r--install/share/delegation.ldif2
1 files changed, 1 insertions, 1 deletions
diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif
index f46589eb..c6124084 100644
--- a/install/share/delegation.ldif
+++ b/install/share/delegation.ldif
@@ -578,7 +578,7 @@ dn: $SUFFIX
changetype: modify
add: aci
aci: (target = "ldap:///cn=*,cn=groups,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Add Groups";allow (add) groupdn = "ldap:///cn=Add Groups,cn=permissions,cn=pbac,$SUFFIX";)
-aci: (targetattr = "member")(target = "ldap:///cn=*,cn=groups,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Modify Group membership";allow (write) groupdn = "ldap:///cn=Modify Group membership,cn=permissions,cn=pbac,$SUFFIX";)
+aci: (targetfilter = "(!(cn=admins))")(targetattr = "member")(target = "ldap:///cn=*,cn=groups,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Modify Group membership";allow (write) groupdn = "ldap:///cn=Modify Group membership,cn=permissions,cn=pbac,$SUFFIX";)
aci: (target = "ldap:///cn=*,cn=groups,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Remove Groups";allow (delete) groupdn = "ldap:///cn=Remove Groups,cn=permissions,cn=pbac,$SUFFIX";)
# We need objectclass and gidnumber in modify so a non-posix group can be
# promoted. We need mqpManagedBy and ipaUniqueId so a group can be detached.
generated by cgit (git 2.34.1) at 2025-09-06 14:26:14 +0000