author | Petr Viktorin <pviktori@redhat.com> | 2014-08-18 16:49:40 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-08-21 14:07:01 +0200 |
commit | 8fabd6dde152fc394bd4f093d93c8a46e5b2851b (patch) | |
tree | 91e2dc7dfd6ffe7c09ec5b23b59a3a2e010786c9 /ipalib | |
parent | 27128bd8f50cebb8fc3b8a86b642ca0e272d2024 (diff) | |
Support delegating RBAC roles to service principals
https://fedorahosted.org/freeipa/ticket/3164
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/role.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/service.py | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/ipalib/plugins/role.py b/ipalib/plugins/role.py
index b290ceeb1..f2021d3fa 100644
--- a/ipalib/plugins/role.py
+++ b/ipalib/plugins/role.py
@@ -75,7 +75,7 @@ class role(LDAPObject):
 'memberindirect', 'memberofindirect',
 ]
 attribute_members = {
- 'member': ['user', 'group', 'host', 'hostgroup'],
+ 'member': ['user', 'group', 'host', 'hostgroup', 'service'],
 'memberof': ['privilege'],
 }
 reverse_members = {
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 9f3791aab..69b2cc6c3 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -306,10 +306,11 @@ class service(LDAPObject):
 permission_filter_objectclasses = ['ipaservice']
 search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']
 default_attributes = ['krbprincipalname', 'usercertificate', 'managedby',
- 'ipakrbauthzdata',]
+ 'ipakrbauthzdata', 'memberof']
 uuid_attribute = 'ipauniqueid'
 attribute_members = {
 'managedby': ['host'],
+ 'memberof': ['role'],
 }
 bindable = True
 relationships = { |
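Review bot: The widened `'member'` list in `role.attribute_members` has no comment recording that a service principal can now hold a role directly, which is a privilege-relevant change that later auditors of this class will want spelled out. I would add a line above it such as `# 'service': a Kerberos service principal may hold the role directly, so its credentials carry the role's privileges`. The diffstat shown is limited to ipalib, so I cannot tell whether tests for adding a service to a role and removing it again were added elsewhere; if not, they belong with this change. The class body starts and ends outside the hunk.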
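Review bot: The new `'memberof': ['role']` entry in `service.attribute_members` surfaces only direct role membership, while the list just above `attribute_members` in role.py also carries `'memberofindirect'`. If the privileges and permissions a service inherits through a role matter when auditing a service entry, consider exposing `memberofindirect` here as well. I cannot tell from the hunk whether that attribute is populated for service entries, so this may not apply. The class body starts and ends outside the hunk.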