summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Babinsky <mbabinsk@redhat.com>2016-06-24 17:02:25 +0200
committerMartin Basti <mbasti@redhat.com>2016-07-01 09:37:25 +0200
commit7e803aa4625869ef6a8e78a09cd99270c4cc77e5 (patch)
tree3cc76e129c93f35688c210ec6cc7f2c23c59c702
parentd1517482b5e9508780087ec48be63a5bb531fed9 (diff)
downloadfreeipa-7e803aa4625869ef6a8e78a09cd99270c4cc77e5.zip
freeipa-7e803aa4625869ef6a8e78a09cd99270c4cc77e5.tar.gz
freeipa-7e803aa4625869ef6a8e78a09cd99270c4cc77e5.tar.xz
replace an ACI relying on presence of deprecated objectclass
Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r--install/updates/20-aci.update3
1 files changed, 2 insertions, 1 deletions
diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update
index 6cadef4..e9c10f5 100644
--- a/install/updates/20-aci.update
+++ b/install/updates/20-aci.update
@@ -120,7 +120,8 @@ add:aci:(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can
# Hosts can add their own services
dn: cn=services,cn=accounts,$SUFFIX
-add:aci: (target = "ldap:///krbprincipalname=*/($$dn)@$REALM,cn=services,cn=accounts,$SUFFIX")(targetfilter = "(objectClass=ipaKrbPrincipal)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($$dn),cn=computers,cn=accounts,$SUFFIX";)
+remove:aci: (target = "ldap:///krbprincipalname=*/($$dn)@$REALM,cn=services,cn=accounts,$SUFFIX")(targetfilter = "(objectClass=ipaKrbPrincipal)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($$dn),cn=computers,cn=accounts,$SUFFIX";)
+add:aci: (target = "ldap:///krbprincipalname=*/($$dn)@$REALM,cn=services,cn=accounts,$SUFFIX")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($$dn),cn=computers,cn=accounts,$SUFFIX";)
# CIFS service on the master can manage ID ranges
dn: cn=ranges,cn=etc,$SUFFIX