From d893b77fb69ef2e0aedf823e7cd82ca86a2971af Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Wed, 26 Mar 2014 17:11:23 +0100
Subject: Add several managed read permissions under cn=etc

This adds permissions to:
- cn=masters,cn=ipa (with new privilege)
- cn=dna,cn=ipa (authenticated users)
- cn=ca_renewal,cn=ipa (authenticated users)
- cn=CAcert,cn=ipa (anonymous)
- cn=replication (authenticated users)
- cn=ad (authenticated users)

Part of the work for: https://fedorahosted.org/freeipa/ticket/3566

Reviewed-By: Martin Kosek <mkosek@redhat.com>
---
 install/updates/40-delegation.update | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'install')

diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update
index 33383038c..7f0f85124 100644
--- a/install/updates/40-delegation.update
+++ b/install/updates/40-delegation.update
@@ -461,3 +461,10 @@ default:objectClass: groupofnames
 default:objectClass: top
 default:cn: Automember Readers
 default:description: Read Automember definitions
+
+dn: cn=IPA Masters Readers,cn=privileges,cn=pbac,$SUFFIX
+default:objectClass: nestedgroup
+default:objectClass: groupofnames
+default:objectClass: top
+default:cn: IPA Masters Readers
+default:description: Read list of IPA masters
-- 
cgit