From 86f943ca180a72c4cfa3a8a03226f2471a97981b Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 28 Apr 2014 14:23:19 +0200
Subject: Replace "replica admins read access" ACI with a permission

Add a 'Read Replication Agreements' permission to replace
the read ACI for cn=config.

https://fedorahosted.org/freeipa/ticket/3829

Reviewed-By: Martin Kosek <mkosek@redhat.com>
---
 install/share/replica-acis.ldif | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'install/share')

diff --git a/install/share/replica-acis.ldif b/install/share/replica-acis.ldif
index f4e96139f..8c0bc8ec3 100644
--- a/install/share/replica-acis.ldif
+++ b/install/share/replica-acis.ldif
@@ -1,10 +1,5 @@
 # Replica administration
 
-dn: cn=config
-changetype: modify
-add: aci
-aci: (targetattr != aci)(version 3.0; aci "replica admins read access"; allow (read, search, compare) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)
-
 dn: cn="$SUFFIX",cn=mapping tree,cn=config
 changetype: modify
 add: aci
-- 
cgit