diff options
author | Martin Basti <mbasti@redhat.com> | 2016-05-12 10:54:20 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-03 15:58:21 +0200 |
commit | bae621415dd15a5569774cbc89ba1747b0d069dc (patch) | |
tree | f792a9fdafd84b69bb407cf718251251ed33fb5c /ACI.txt | |
parent | 180d7458de60af3e9a7256f3242eec9031f4442b (diff) | |
download | freeipa-bae621415dd15a5569774cbc89ba1747b0d069dc.tar.gz freeipa-bae621415dd15a5569774cbc89ba1747b0d069dc.tar.xz freeipa-bae621415dd15a5569774cbc89ba1747b0d069dc.zip |
DNS Locations: location-* commands
http://www.freeipa.org/page/V4/DNS_Location_Mechanism
https://fedorahosted.org/freeipa/ticket/2008
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ACI.txt')
-rw-r--r-- | ACI.txt | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -158,6 +158,14 @@ dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example aci: (targetattr = "createtimestamp || entryusn || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krbmaxrenewableage || krbmaxticketlife")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read User Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) +dn: cn=locations,cn=etc,dc=ipa,dc=example +aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Add IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";) +dn: cn=locations,cn=etc,dc=ipa,dc=example +aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write) groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";) +dn: cn=locations,cn=etc,dc=ipa,dc=example +aci: (targetattr = "createtimestamp || description || entryusn || idnsname || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";) +dn: cn=locations,cn=etc,dc=ipa,dc=example +aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=ng,cn=alt,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Add Netgroups";allow (add) groupdn = "ldap:///cn=System: Add Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=ng,cn=alt,dc=ipa,dc=example |