diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2016-06-24 17:02:25 +0200 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-07-01 09:37:25 +0200 |
| commit | 7e803aa4625869ef6a8e78a09cd99270c4cc77e5 (patch) | |
| tree | 3cc76e129c93f35688c210ec6cc7f2c23c59c702 | |
| parent | d1517482b5e9508780087ec48be63a5bb531fed9 (diff) | |
| download | freeipa-7e803aa4625869ef6a8e78a09cd99270c4cc77e5.tar.gz freeipa-7e803aa4625869ef6a8e78a09cd99270c4cc77e5.tar.xz freeipa-7e803aa4625869ef6a8e78a09cd99270c4cc77e5.zip | |
replace an ACI relying on presence of deprecated objectclass
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
| -rw-r--r-- | install/updates/20-aci.update | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update index 6cadef416..e9c10f54a 100644 --- a/install/updates/20-aci.update +++ b/install/updates/20-aci.update @@ -120,7 +120,8 @@ add:aci:(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can # Hosts can add their own services dn: cn=services,cn=accounts,$SUFFIX -add:aci: (target = "ldap:///krbprincipalname=*/($$dn)@$REALM,cn=services,cn=accounts,$SUFFIX")(targetfilter = "(objectClass=ipaKrbPrincipal)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($$dn),cn=computers,cn=accounts,$SUFFIX";) +remove:aci: (target = "ldap:///krbprincipalname=*/($$dn)@$REALM,cn=services,cn=accounts,$SUFFIX")(targetfilter = "(objectClass=ipaKrbPrincipal)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($$dn),cn=computers,cn=accounts,$SUFFIX";) +add:aci: (target = "ldap:///krbprincipalname=*/($$dn)@$REALM,cn=services,cn=accounts,$SUFFIX")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($$dn),cn=computers,cn=accounts,$SUFFIX";) # CIFS service on the master can manage ID ranges dn: cn=ranges,cn=etc,$SUFFIX |