authorPetr Viktorin <pviktori@redhat.com>2014-06-20 16:21:35 +0200
committerMartin Kosek <mkosek@redhat.com>2014-06-20 22:18:43 +0200
commitf486d23ad67a7337c7633e4216c5a0b0374002fc (patch)
tree54ffc880f6b7a9002174e3c28aa357203a0dfdee /install/updates/20-aci.update
parentcf8f143e9823c06ed069c6a031c0c4aa80288840 (diff)
Allow anonymous read access to virtual operation entries
These entries are the same in all IPA installations, so there's no need to hide them. Also remove the ipaVirtualOperation objectclass, since it is no longer needed. Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'install/updates/20-aci.update')
-rw-r--r--install/updates/20-aci.update2
1 files changed, 1 insertions, 1 deletions
diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update
index 42fca71f3..4eb5c737a 100644
--- a/install/updates/20-aci.update
+++ b/install/updates/20-aci.update
@@ -23,7 +23,7 @@ add:aci:'(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc ||
# Read access to containers
dn: $SUFFIX
-add:aci:'(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy))(!(objectclass=ipaVirtualOperation)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,$SUFFIX")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'
+add:aci:'(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,$SUFFIX")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'
dn: cn=replicas,cn=ipa,cn=etc,$SUFFIX
add:aci:'(targetfilter="(objectclass=nsContainer)")(version 3.0; acl "Deny read access to replica configuration"; deny(read, search, compare) userdn = "ldap:///anyone";)'
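Review bot: The new `add:aci:` value under `dn: $SUFFIX` is added without a matching `remove:aci:` for the old value that still carries `(!(objectclass=ipaVirtualOperation))`. A server that already applied the earlier update would presumably end up with two ACIs named "Anonymous read access to containers"; whether the old value ever shipped in a release is not visible from this hunk. Because allow rules are additive the effective access is the widened one either way, but the stale entry makes later audits of anonymous access harder, so I would put a `remove:aci:` line with the exact old value before the add. I would also extend the `# Read access to containers` comment to say that every `nsContainer` entry except `krbPwdPolicy` ones and the `cn=masters` subtree now exposes `objectclass` and `cn` to anonymous binds, since any container added later inherits that exposure by default.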