Diffstat (limited to 'install')
-rw-r--r-- | install/share/replica-acis.ldif | 5 | ||||
-rw-r--r-- | install/updates/20-aci.update | 5 |
2 files changed, 5 insertions, 5 deletions
diff --git a/install/share/replica-acis.ldif b/install/share/replica-acis.ldif
index f4e96139f..8c0bc8ec3 100644
--- a/install/share/replica-acis.ldif
+++ b/install/share/replica-acis.ldif
@@ -1,10 +1,5 @@
 # Replica administration
 
-dn: cn=config
-changetype: modify
-add: aci
-aci: (targetattr != aci)(version 3.0; aci "replica admins read access"; allow (read, search, compare) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)
-
 dn: cn="$SUFFIX",cn=mapping tree,cn=config
 changetype: modify
 add: aci
diff --git a/install/updates/20-aci.update b/install/updates/20-aci.update
index d9dcad2e5..f31c20177 100644
--- a/install/updates/20-aci.update
+++ b/install/updates/20-aci.update
@@ -46,3 +46,8 @@ add:aci:'(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sa
 add:aci:'(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)'
 # Read-only
 add:aci:'(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)'
+
+# Removal of obsolete ACIs
+dn: cn=config
+# Replaced by 'System: Read Replication Agreements'
+remove:aci: '(targetattr != aci)(version 3.0; aci "replica admins read access"; allow (read, search, compare) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)'
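Review bot: The added `remove:aci:` line in 20-aci.update only works if its value matches the stored ACI exactly, yet it is written with a space before the opening quote while every `add:aci:'…'` line visible in this file has none. Whether the update parser strips that space is not visible here. If the value fails to match, the removal presumably does nothing, and upgraded servers would keep the `(targetattr != aci)` read grant on `cn=config` for the Modify Replication Agreements group. I would write it as `remove:aci:'(targetattr != aci)(version 3.0; …` to match the file's style, and extend the comment to `# Replaced by 'System: Read Replication Agreements'; the old ACI allowed read of every cn=config attribute except aci`. The replacement permission is not part of this diff, so it is worth confirming it is in place before this removal runs, and adding an upgrade check that the old ACI is absent from `cn=config` afterwards.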