diff options
| author | Martin Basti <mbasti@redhat.com> | 2016-06-13 20:02:21 +0200 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-06-17 15:22:24 +0200 |
| commit | 2157ea0e6d0d762bdc71022ddd55045406c4b300 (patch) | |
| tree | 312c488152c3d417f230906fb2476c4885bc17f7 /ACI.txt | |
| parent | 88a0952f26f9d1e2ee9d02126b27f3075dbad46a (diff) | |
| download | freeipa-2157ea0e6d0d762bdc71022ddd55045406c4b300.tar.gz freeipa-2157ea0e6d0d762bdc71022ddd55045406c4b300.tar.xz freeipa-2157ea0e6d0d762bdc71022ddd55045406c4b300.zip | |
DNS Locations: dnsserver-* commands
New commands for manipulation with DNS server configuration were added:
* dnsserver-show
* dnsserver-mod
* dnsserver-find
https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/PerServerConfigInLDAP
https://fedorahosted.org/freeipa/ticket/2008
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ACI.txt')
| -rw-r--r-- | ACI.txt | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -63,6 +63,10 @@ aci: (targetattr = "createtimestamp || entryusn || idnsallowsyncptr || idnsforwa dn: dc=ipa,dc=example aci: (targetattr = "idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || idnspersistentsearch || idnszonerefresh")(target = "ldap:///cn=dns,dc=ipa,dc=example")(targetfilter = "(objectclass=idnsConfigObject)")(version 3.0;acl "permission:System: Write DNS Configuration";allow (write) groupdn = "ldap:///cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example +aci: (targetattr = "idnsforwarders || idnsforwardpolicy || idnssoamname || idnssubstitutionvariable")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Modify DNS Servers Configuration";allow (write) groupdn = "ldap:///cn=System: Modify DNS Servers Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";) +dn: dc=ipa,dc=example +aci: (targetattr = "createtimestamp || entryusn || idnsforwarders || idnsforwardpolicy || idnsserverid || idnssoamname || idnssubstitutionvariable || modifytimestamp || objectclass")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Read DNS Servers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";) +dn: dc=ipa,dc=example aci: (target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Add DNS Entries";allow (add) groupdn = "ldap:///cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "ipaprivatekey || ipapublickey || ipasecretkey || ipasecretkeyref || ipawrappingkey || ipawrappingmech || ipk11allowedmechanisms || ipk11alwaysauthenticate || ipk11alwayssensitive || ipk11checkvalue || ipk11copyable || ipk11decrypt || ipk11derive || ipk11destroyable || ipk11distrusted || ipk11encrypt || ipk11enddate || ipk11extractable || ipk11id || ipk11keygenmechanism || ipk11keytype || ipk11label || ipk11local || ipk11modifiable || ipk11neverextractable || ipk11private || ipk11publickeyinfo || ipk11sensitive || ipk11sign || ipk11signrecover || ipk11startdate || ipk11subject || ipk11trusted || ipk11uniqueid || ipk11unwrap || ipk11unwraptemplate || ipk11verify || ipk11verifyrecover || ipk11wrap || ipk11wraptemplate || ipk11wrapwithtrusted || objectclass")(target = "ldap:///cn=keys,cn=sec,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Manage DNSSEC keys";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=ipa,dc=example";) |