1 files changed, 23 insertions, 1 deletions

diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py
index c231847d5..b3ae7646f 100644
--- a/ipaserver/plugins/user.py
+++ b/ipaserver/plugins/user.py
@@ -43,7 +43,9 @@ from .baseuser import (
     convert_nsaccountlock,
     fix_addressbook_permission_bindrule,
     baseuser_add_manager,
-    baseuser_remove_manager)
+    baseuser_remove_manager,
+    baseuser_add_principal,
+    baseuser_remove_principal)
 from .idviews import remove_ipaobject_overrides
 from ipalib.plugable import Registry
 from .baseldap import (
@@ -287,6 +289,14 @@ class user(baseuser):
                 'Modify Users and Reset passwords',
             },
         },
+        'System: Manage User Principals': {
+            'ipapermright': {'write'},
+            'ipapermdefaultattr': {'krbprincipalname', 'krbcanonicalname'},
+            'default_privileges': {
+                'User Administrators',
+                'Modify Users and Reset passwords',
+            },
+        },
         'System: Modify Users': {
             'ipapermright': {'write'},
             'ipapermdefaultattr': {
@@ -1187,3 +1197,15 @@ class user_add_manager(baseuser_add_manager):
 @register()
 class user_remove_manager(baseuser_remove_manager):
     __doc__ = _("Remove a manager to the user entry")
+
+
+@register()
+class user_add_principal(baseuser_add_principal):
+    __doc__ = _('Add new principal alias to the user entry')
+    msg_summary = _('Added new aliases to user "%(value)s"')
+
+
+@register()
+class user_remove_principal(baseuser_remove_principal):
+    __doc__ = _('Remove principal alias from the user entry')
+    msg_summary = _('Removed aliases from user "%(value)s"')