From 77ae4da70632e17b6be09e9ad71fc353b3bad96e Mon Sep 17 00:00:00 2001
From: Martin Kosek
Date: Wed, 19 Jun 2013 09:48:29 +0200
Subject: Remove entitlement support

Entitlements code was not tested nor supported upstream since version 3.0. Remove the associated code.

https://fedorahosted.org/freeipa/ticket/3739
---
 install/share/bootstrap-template.ldif | 6 ---
 install/share/delegation.ldif | 80 -----------------------------------
 2 files changed, 86 deletions(-)
(limited to 'install/share')

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 014f7a55b..f603ad5ce 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -125,12 +125,6 @@ objectClass: nsContainer
 objectClass: top
 cn: sysaccounts
 
-dn: cn=entitlements,cn=etc,$SUFFIX
-changetype: add
-objectClass: nsContainer
-objectClass: top
-cn: entitlements
-
 dn: cn=ipa,cn=etc,$SUFFIX
 changetype: add
 objectClass: nsContainer
diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif
index 14069586c..7fe303082 100644
--- a/install/share/delegation.ldif
+++ b/install/share/delegation.ldif
@@ -37,23 +37,6 @@ objectClass: nestedgroup
 cn: helpdesk
 description: Helpdesk
 
-dn: cn=Entitlement Management,cn=roles,cn=accounts,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: nestedgroup
-cn: Entitlement Management
-description: Entitlements administrator
-
-dn: cn=Entitlement Compliance,cn=roles,cn=accounts,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: nestedgroup
-cn: Entitlement Compliance
-description: Verify entitlement compliance
-member: fqdn=$FQDN,cn=computers,cn=accounts,$SUFFIX
-
 ############################################
 # Add the default privileges
 ############################################
@@ -146,26 +129,6 @@ objectClass: nestedgroup
 cn: Host Enrollment
 description: Host Enrollment
 
-dn: cn=Register and Write Entitlements,cn=privileges,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: nestedgroup
-cn: Register and Write Entitlements
-description: Register and Write Entitlements
-member: cn=Entitlement Management,cn=roles,cn=accounts,$SUFFIX
-
-dn: cn=Read Entitlements,cn=privileges,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: nestedgroup
-cn: Read Entitlements
-description: Read Entitlements
-member: cn=Entitlement Management,cn=roles,cn=accounts,$SUFFIX
-member: cn=Entitlement Compliance,cn=roles,cn=accounts,$SUFFIX
-
-
 ############################################
 # Default permissions.
 ############################################
@@ -554,32 +517,6 @@ cn: Modify DNA Range
 ipapermissiontype: SYSTEM
 member: cn=Replication Administrators,cn=privileges,cn=pbac,$SUFFIX
 
-# Entitlement management
-
-dn: cn=Register Entitlements,cn=permissions,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: ipapermission
-cn: Register Entitlements
-member: cn=Register and Write Entitlements,cn=privileges,cn=pbac,$SUFFIX
-
-dn: cn=Read Entitlements,cn=permissions,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: ipapermission
-cn: Read Entitlements
-member: cn=Read Entitlements,cn=privileges,cn=pbac,$SUFFIX
-
-dn: cn=Write Entitlements,cn=permissions,cn=pbac,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: groupofnames
-objectClass: ipapermission
-cn: Write Entitlements
-member: cn=Register and Write Entitlements,cn=privileges,cn=pbac,$SUFFIX
-
 ############################################
 # Default permissions (ACIs)
 ############################################
@@ -701,23 +638,6 @@ changetype: modify
 add: aci
 aci: (targetattr = "objectclass")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Enroll a host";allow (write) groupdn = "ldap:///cn=Enroll a host,cn=permissions,cn=pbac,$SUFFIX";)
 
-# Entitlement administration
-
-dn: $SUFFIX
-changetype: modify
-add: aci
-aci: (target = "ldap:///ipaentitlementid=*,cn=entitlements,cn=etc,$SUFFIX")(version 3.0;acl "permission:Register Entitlements";allow (add) groupdn = "ldap:///cn=Register Entitlements,cn=permissions,cn=pbac,$SUFFIX";)
-
-dn: $SUFFIX
-changetype: modify
-add: aci
-aci: (targetattr = "usercertificate")(target = "ldap:///ipaentitlement=*,cn=entitlements,cn=etc,$SUFFIX")(version 3.0;acl "permission:Write Entitlements";allow (write) groupdn = "ldap:///cn=Write Entitlements,cn=permissions,cn=pbac,$SUFFIX";)
-
-dn: $SUFFIX
-changetype: modify
-add: aci
-aci: (targetattr = "userpkcs12")(target = "ldap:///ipaentitlementid=*,cn=entitlements,cn=etc,$SUFFIX")(version 3.0;acl "permission:Read Entitlements";allow (read) groupdn = "ldap:///cn=Read Entitlements,cn=permissions,cn=pbac,$SUFFIX";)
-
 # Create virtual operations entry. This is used to control access to
 # operations that don't rely on LDAP directly.
 dn: cn=virtual operations,cn=etc,$SUFFIX
-- 
cgit