[Freeipa-devel] [PATCH] self service aci
Simo Sorce
ssorce at redhat.com
Mon Oct 29 22:53:18 UTC 2007
On Mon, 2007-10-29 at 15:35 -0700, Pete Rowley wrote:
> Simo Sorce wrote:
> > On Mon, 2007-10-29 at 14:55 -0700, Pete Rowley wrote:
> >
> >> +aci: (targetattr = "givenName || sn || cn || displayName || initials
> >> || loginShell || homePhone || mobile || pager ||
> >> facsimileTelephoneNumber || telephoneNumber || street || roomNumber ||
> >> l || st || postalCode || manager || description || carLicense ||
> >> labeledURI || inetUserHTTPURL || seeAlso || userPassword")(version
> >> 3.0;acl "Self service";allow (write) userdn="ldap:///self";)
> >>
> >
> > Allow users by default to change name (givenName, cn, sn), manager and
> > loginShell by themselves?
> >
> >
> loginShell might be a problem, what issue do you have with the others?
Well I am not sure it makes sense to change your own name, why should
you?
Same for the manager, we might think of ACIs where manager=<something>
may matter
Simo.
More information about the Freeipa-devel
mailing list