From 1207a7c83f89fccbd38c28e2c0c2307a55956a9d Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 17 Dec 2010 15:04:47 -0500 Subject: Fix the change_password permissions and the DNS access controls. The change_password permission was too broad, limit it to users. The DNS access controls rolled everything into a single ACI. I broke it out into separate ACIs for add, delete and add. I also added a new dns type for the permission plugin. ticket 628 --- ipalib/plugins/aci.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'ipalib/plugins/aci.py') diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py index 5a57a309..1dcba926 100644 --- a/ipalib/plugins/aci.py +++ b/ipalib/plugins/aci.py @@ -135,6 +135,7 @@ _type_map = { 'hostgroup': 'ldap:///cn=*,%s,%s' % (api.env.container_hostgroup, api.env.basedn), 'service': 'ldap:///krbprincipalname=*,%s,%s' % (api.env.container_service, api.env.basedn), 'netgroup': 'ldap:///ipauniqueid=*,%s,%s' % (api.env.container_netgroup, api.env.basedn), + 'dns': 'ldap:///idnsname=*,%s,%s' % (api.env.container_dns, api.env.basedn), } _valid_permissions_values = [ @@ -378,7 +379,7 @@ class aci(Object): cli_name='type', label=_('Type'), doc=_('type of IPA object (user, group, host, hostgroup, service, netgroup)'), - values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup'), + values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dns',), ), Str('memberof?', cli_name='memberof', -- cgit