diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2017-03-09 18:14:52 +0100 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2017-03-14 18:37:10 +0100 |
| commit | 1b5f56d15455b6019dd532cb9635fa2c44cb0022 (patch) | |
| tree | 11efce9db63ed865aa45f46860712309f9645e5c /ACI.txt | |
| parent | 594c87daf873ceec0c0cf3464bcb1aadb9f2b92a (diff) | |
| download | freeipa-1b5f56d15455b6019dd532cb9635fa2c44cb0022.tar.gz freeipa-1b5f56d15455b6019dd532cb9635fa2c44cb0022.tar.xz freeipa-1b5f56d15455b6019dd532cb9635fa2c44cb0022.zip | |
ipaconfig: add the ability to manipulate domain resolution order
optional attribute was added to config object along with validator that
check for valid domain names and also checks whether the specified
domains exist in FreeIPA or in trusted forests and, in case of trusted
domains, are not disabled.
Part of http://www.freeipa.org/page/V4/AD_User_Short_Names
https://pagure.io/freeipa/issue/6372
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ACI.txt')
| -rw-r--r-- | ACI.txt | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -61,7 +61,7 @@ aci: (targetattr = "cn || description || ipacertprofilestoreissued")(targetfilte dn: cn=certprofiles,cn=ca,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacertprofilestoreissued || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Read Certificate Profiles";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=ipaconfig,cn=etc,dc=ipa,dc=example -aci: (targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";) +aci: (targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipadomainresolutionorder || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=costemplates,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Add Group Password Policy costemplate";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy costemplate,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=costemplates,cn=accounts,dc=ipa,dc=example |