diff options
| author | Petr Viktorin <[email protected]> | 2014-09-05 15:25:29 +0200 |
|---|---|---|
| committer | Petr Viktorin <[email protected]> | 2014-09-05 15:40:13 +0200 |
| commit | cd80528123a63250f0d0ebb167f6468ad008009f (patch) | |
| tree | 45ffd60b49ceddb867b5ce003bc1262b82c63f29 /ipalib | |
| parent | 2fd4f40e361f4acb9b3383533432bfe90dbefe0f (diff) | |
| download | freeipa-cd80528123a63250f0d0ebb167f6468ad008009f.tar.gz freeipa-cd80528123a63250f0d0ebb167f6468ad008009f.tar.xz freeipa-cd80528123a63250f0d0ebb167f6468ad008009f.zip | |
Fix: Add managed read permissions for compat tree and operational attrs
This is a fix for an earlier version, which was committed by mistake as:
master: 418ce870bfbe13cea694a7b862cafe35c703f660
ipa-4-0: 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17
ipa-4-1: 9bcd88589e30d31d3f533cd42d2f816ef01b07c7
Thanks to Alexander Bokovoy for contributions
https://fedorahosted.org/freeipa/ticket/4521
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/group.py | 4 | ||||
| -rw-r--r-- | ipalib/plugins/host.py | 2 | ||||
| -rw-r--r-- | ipalib/plugins/netgroup.py | 4 | ||||
| -rw-r--r-- | ipalib/plugins/sudorule.py | 2 |
4 files changed, 6 insertions, 6 deletions
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py index a4340bb76..8d2e69f06 100644 --- a/ipalib/plugins/group.py +++ b/ipalib/plugins/group.py @@ -204,12 +204,12 @@ class group(LDAPObject): }, 'System: Read Group Compat Tree': { 'non_object': True, - 'ipapermbindruletype': 'all', + 'ipapermbindruletype': 'anonymous', 'ipapermlocation': api.env.basedn, 'ipapermtarget': DN('cn=groups', 'cn=compat', api.env.basedn), 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': { - 'objectclass', 'cn', 'memberuid', + 'objectclass', 'cn', 'memberuid', 'gidnumber', }, }, } diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 5301c1ac0..3f5e4e7c8 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -370,7 +370,7 @@ class host(LDAPObject): }, 'System: Read Host Compat Tree': { 'non_object': True, - 'ipapermbindruletype': 'all', + 'ipapermbindruletype': 'anonymous', 'ipapermlocation': api.env.basedn, 'ipapermtarget': DN('cn=computers', 'cn=compat', api.env.basedn), 'ipapermright': {'read', 'search', 'compare'}, diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py index c71e43091..da2808f5a 100644 --- a/ipalib/plugins/netgroup.py +++ b/ipalib/plugins/netgroup.py @@ -162,12 +162,12 @@ class netgroup(LDAPObject): }, 'System: Read Netgroup Compat Tree': { 'non_object': True, - 'ipapermbindruletype': 'all', + 'ipapermbindruletype': 'anonymous', 'ipapermlocation': api.env.basedn, 'ipapermtarget': DN('cn=ng', 'cn=compat', api.env.basedn), 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': { - 'objectclass', 'cn', 'mambernisnetgroup', 'nisnetgrouptriple', + 'objectclass', 'cn', 'membernisnetgroup', 'nisnetgrouptriple', }, }, } diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py index d2d30a148..f16d275b2 100644 --- a/ipalib/plugins/sudorule.py +++ b/ipalib/plugins/sudorule.py @@ -166,7 +166,7 @@ class sudorule(LDAPObject): 'non_object': True, 'ipapermlocation': api.env.basedn, 'ipapermtarget': DN('ou=sudoers', api.env.basedn), - 'ipapermbindruletype': 'all', + 'ipapermbindruletype': 'anonymous', 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': { 'objectclass', 'cn', 'ou', |