diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2014-09-30 14:54:50 +0300 |
|---|---|---|
| committer | Tomas Babej <tomasbabej@gmail.com> | 2014-10-20 16:47:49 +0200 |
| commit | bd98ab035665e9ed913b9c0efd11c7685f2034f3 (patch) | |
| tree | a270d74718d9a41cae423a78bf77cb68daaa2e7e /ipaserver | |
| parent | 1cc11ebf53e811f15e855fa209df30f9eb8f83f0 (diff) | |
| download | freeipa-bd98ab035665e9ed913b9c0efd11c7685f2034f3.tar.gz freeipa-bd98ab035665e9ed913b9c0efd11c7685f2034f3.tar.xz freeipa-bd98ab035665e9ed913b9c0efd11c7685f2034f3.zip | |
Support idviews in compat tree
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/plugins/update_managed_permissions.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ipaserver/install/plugins/update_managed_permissions.py b/ipaserver/install/plugins/update_managed_permissions.py index df49d5d32..032485aac 100644 --- a/ipaserver/install/plugins/update_managed_permissions.py +++ b/ipaserver/install/plugins/update_managed_permissions.py @@ -117,6 +117,17 @@ NONOBJECT_PERMISSIONS = { }, 'default_privileges': {'IPA Masters Readers'}, }, + 'System: Compat Tree ID View targets': { + 'replaces_global_anonymous_aci': True, + 'ipapermlocation': api.env.basedn, + 'ipapermtarget': DN('cn=*,cn=compat', api.env.basedn), + 'ipapermtargetfilter': {'(objectclass=ipaOverrideTarget)'}, + 'ipapermbindruletype': 'anonymous', + 'ipapermright': {'read', 'search', 'compare'}, + 'ipapermdefaultattr': { + 'ipaAnchorUUID', + }, + }, 'System: Read DNA Configuration': { 'replaces_global_anonymous_aci': True, 'ipapermlocation': DN('cn=dna,cn=ipa,cn=etc', api.env.basedn), |