diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2014-03-26 17:11:23 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-04-11 10:17:41 +0200 |
| commit | c97e1d96e370cf874ffb873c45369f2960743393 (patch) | |
| tree | e03be2b0f64c358c5c704eaaf493e508cd08ee51 | |
| parent | a185d45d87539559876f7b0b4f75b904339a5b90 (diff) | |
| download | freeipa-c97e1d96e370cf874ffb873c45369f2960743393.tar.gz freeipa-c97e1d96e370cf874ffb873c45369f2960743393.tar.xz freeipa-c97e1d96e370cf874ffb873c45369f2960743393.zip | |
Add managed read permissions to realmdomains
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
| -rw-r--r-- | ipalib/plugins/realmdomains.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ipalib/plugins/realmdomains.py b/ipalib/plugins/realmdomains.py index 1928e4805..923bca47d 100644 --- a/ipalib/plugins/realmdomains.py +++ b/ipalib/plugins/realmdomains.py @@ -58,9 +58,20 @@ class realmdomains(LDAPObject): List of domains associated with IPA realm. """ container_dn = api.env.container_realm_domains + permission_filter_objectclasses = ['domainrelatedobject'] object_name = _('Realm domains') search_attributes = ['associateddomain'] default_attributes = ['associateddomain'] + managed_permissions = { + 'System: Read Realm Domains': { + 'replaces_global_anonymous_aci': True, + 'ipapermbindruletype': 'all', + 'ipapermright': {'read', 'search', 'compare'}, + 'ipapermdefaultattr': { + 'objectclass', 'cn', 'associateddomain', + }, + }, + } label = _('Realm Domains') label_singular = _('Realm Domains') |