author | Jan Cholasta <jcholast@redhat.com> | 2011-12-07 02:47:29 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-13 22:20:23 -0500 |
commit | 9b6baf9beeb733d77883f4ed32e553265ee15543 (patch) | |
tree | 6a7879c423daf647641bf76f3244e79f36d9a953 /install/share/delegation.ldif | |
parent | 63ea0a304ec734a64d28e7c9b0f2b172224155d6 (diff) | |
Add LDAP ACIs for SSH public key schema.
https://fedorahosted.org/freeipa/ticket/754
Diffstat (limited to 'install/share/delegation.ldif')
-rw-r--r-- | install/share/delegation.ldif | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif
index a3c6bd110..68b205e8e 100644
--- a/install/share/delegation.ldif
+++ b/install/share/delegation.ldif
@@ -221,6 +221,14 @@ objectClass: ipapermission
 cn: Modify Users
 member: cn=User Administrators,cn=privileges,cn=pbac,$SUFFIX
 
+dn: cn=Manage User SSH Public Keys,cn=permissions,cn=pbac,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+objectClass: ipapermission
+cn: Manage User SSH Public Keys
+member: cn=User Administrators,cn=privileges,cn=pbac,$SUFFIX
+
 # Group administration
 
 dn: cn=Add Groups,cn=permissions,cn=pbac,$SUFFIX
@@ -281,6 +289,14 @@ objectClass: ipapermission
 cn: Modify Hosts
 member: cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX
 
+dn: cn=Manage Host SSH Public Keys,cn=permissions,cn=pbac,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+objectClass: ipapermission
+cn: Manage Host SSH Public Keys
+member: cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX
+
 # Hostgroup administration
 
 dn: cn=Add Hostgroups,cn=permissions,cn=pbac,$SUFFIX
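Review bot: The `member:` line of the new `Manage User SSH Public Keys` entry binds the permission directly to the existing `User Administrators` privilege, so every role that already carries that privilege gains the right to set login keys without anyone opting in; the second hunk does the same for `Manage Host SSH Public Keys` and `Host Administrators`. An SSH public key is an authentication credential, unlike the profile attributes that the `Modify Users` ACI later in this file lists, and nothing in the file says so. I would add a comment above each entry, e.g. `# Credential management: holders can write ipasshpubkey; audit who holds User Administrators`, and consider whether a narrower privilege should hold these permissions by default.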
@@ -554,6 +570,7 @@ aci: (targetattr = "krbLastAdminUnlock || krbLoginFailedCount")(target = "ldap:/
 aci: (targetattr = "member")(target = "ldap:///cn=ipausers,cn=groups,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Add user to default group";allow (write) groupdn = "ldap:///cn=Add user to default group,cn=permissions,cn=pbac,$SUFFIX";)
 aci: (target = "ldap:///uid=*,cn=users,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Remove Users";allow (delete) groupdn = "ldap:///cn=Remove Users,cn=permissions,cn=pbac,$SUFFIX";)
 aci: (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou || mepmanagedentry || objectclass")(target = "ldap:///uid=*,cn=users,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Modify Users";allow (write) groupdn = "ldap:///cn=Modify Users,cn=permissions,cn=pbac,$SUFFIX";)
+aci: (targetattr = "ipasshpubkey")(target = "ldap:///uid=*,cn=users,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Manage User SSH Public Keys";allow (write) groupdn = "ldap:///cn=Manage User SSH Public Keys,cn=permissions,cn=pbac,$SUFFIX";)
 
 # Group administration
 
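Review bot: The added ACI targets `ldap:///uid=*,cn=users,cn=accounts,$SUFFIX` with no `targetfilter`, so a holder of `Manage User SSH Public Keys` can write `ipasshpubkey` on every user entry, including accounts with more privilege than the holder. Where hosts take authorized keys from this attribute, that is an escalation path from User Administrators to any account in the tree. Consider excluding protected accounts, for example with `(targetfilter = "(!(memberOf=cn=admins,cn=groups,cn=accounts,$SUFFIX))")`, assuming admins is the group to protect (it is not visible in this hunk). The host ACI in the following hunk has the same shape: it matches every `fqdn=*` entry, presumably including the servers' own host entries, and a replaced host key would be presented to clients as trusted.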
@@ -575,6 +592,7 @@ add: aci
 aci: (target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Add Hosts";allow (add) groupdn = "ldap:///cn=Add Hosts,cn=permissions,cn=pbac,$SUFFIX";)
 aci: (target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Remove Hosts";allow (delete) groupdn = "ldap:///cn=Remove Hosts,cn=permissions,cn=pbac,$SUFFIX";)
 aci: (targetattr = "description || l || nshostlocation || nshardwareplatform || nsosversion")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Modify Hosts";allow (write) groupdn = "ldap:///cn=Modify Hosts,cn=permissions,cn=pbac,$SUFFIX";)
+aci: (targetattr = "ipasshpubkey")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Manage Host SSH Public Keys";allow (write) groupdn = "ldap:///cn=Manage Host SSH Public Keys,cn=permissions,cn=pbac,$SUFFIX";)
 
 # Hostgroup administration
 
|