author | Martin Basti <mbasti@redhat.com> | 2016-05-04 17:33:52 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-03 15:58:21 +0200 |
commit | 29a8615cf36cd46e30c6048ee7e3993532e83005 (patch) | |
tree | f62ac0598ba13309460c629d1fd95afe8c050db7 /install/share/dns.ldif | |
parent | fd4386d5c98e4b823a9f05e18c8b0db857bf1284 (diff) | |
DNS Locations: Always create DNS related privileges
DNS privileges are important for handling DNS locations, which can be
created without DNS servers in the IPA topology. We will also need these
privileges to be present for the future feature 'External DNS support'.
https://fedorahosted.org/freeipa/ticket/2008
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'install/share/dns.ldif')
-rw-r--r-- | install/share/dns.ldif | 16 |
1 files changed, 0 insertions, 16 deletions
diff --git a/install/share/dns.ldif b/install/share/dns.ldif
index bd5cc57f9..6cee47867 100644
--- a/install/share/dns.ldif
+++ b/install/share/dns.ldif
@@ -12,19 +12,3 @@ aci: (targetattr = "*")(version 3.0; acl "Allow read access"; allow (read,search
 aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Add DNS entries in a zone";allow (add) userattr = "parent[1].managedby#GROUPDN";)
 aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Remove DNS entries from a zone";allow (delete) userattr = "parent[1].managedby#GROUPDN";)
 aci: (targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord || minforecord || mxrecord || naptrrecord || nsecrecord || nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)
-
-dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: nestedgroup
-cn: DNS Administrators
-description: DNS Administrators
-
-dn: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: nestedgroup
-cn: DNS Servers
-description: DNS Servers |