diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2015-12-01 10:44:59 +0100 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-12-07 08:13:23 +0100 |
| commit | 7b9a97383ce4090d30e624fc8b7263d6c5f1b823 (patch) | |
| tree | 14678dd397565aa86b65bf8efdc5c7d67cce94d3 /install/share | |
| parent | a8d7ce5cf1ccd6c8a81fa5b4569afa3aa3c2882d (diff) | |
| download | freeipa-7b9a97383ce4090d30e624fc8b7263d6c5f1b823.tar.gz freeipa-7b9a97383ce4090d30e624fc8b7263d6c5f1b823.tar.xz freeipa-7b9a97383ce4090d30e624fc8b7263d6c5f1b823.zip | |
aci: replace per-server ACIs with ipaserver-based ACIs
https://fedorahosted.org/freeipa/ticket/3416
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Diffstat (limited to 'install/share')
| -rw-r--r-- | install/share/default-aci.ldif | 11 |
1 files changed, 0 insertions, 11 deletions
diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif index 7b174e774..dd15cbe56 100644 --- a/install/share/default-aci.ldif +++ b/install/share/default-aci.ldif @@ -77,17 +77,6 @@ changetype: modify add: aci aci: (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) -# Let host add and update CA renewal certificates -dn: cn=ipa,cn=etc,$SUFFIX -changetype: modify -add: aci -aci: (target="ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,$SUFFIX")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) userdn = "ldap:///fqdn=$FQDN,cn=computers,cn=accounts,$SUFFIX";) - -dn: cn=ipa,cn=etc,$SUFFIX -changetype: modify -add: aci -aci: (target="ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,$SUFFIX")(targetattr="userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn = "ldap:///fqdn=$FQDN,cn=computers,cn=accounts,$SUFFIX";) - # Let users manage their own tokens dn: $SUFFIX changetype: modify |