[Freeipa-devel] [PATCH] self service aci

Pete Rowley prowley at redhat.com
Tue Oct 30 19:33:23 UTC 2007


Pete Rowley wrote:

So, after discussion, are we agreed this patch is fine?

> ------------------------------------------------------------------------
>
> # HG changeset patch
> # User Pete Rowley <prowley at redhat.com>
> # Date 1193694739 25200
> # Node ID b7941c370189043d9da4e7873add53315964eb9f
> # Parent  c8eba97b92c5d2ebd0f27fd2e6e675abec0da3c9
> Add user self service aci
>
> diff -r c8eba97b92c5 -r b7941c370189 ipa-server/ipa-install/share/default-aci.ldif
> --- a/ipa-server/ipa-install/share/default-aci.ldif	Mon Oct 29 14:16:44 2007 -0400
> +++ b/ipa-server/ipa-install/share/default-aci.ldif	Mon Oct 29 14:52:19 2007 -0700
> @@ -8,3 +8,4 @@ aci: (targetattr="krbLastSuccessfulAuth 
>  aci: (targetattr="krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "KDC System Account"; allow (read, search, compare, write) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
>  aci: (targetattr="userPassword || krbPrincipalKey ||sambaLMPassword || sambaNTPassword || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange")(version 3.0; acl "Kpasswd access to passowrd hashes for passowrd changes"; allow (read, write) userdn="ldap:///krbprincipalname=kadmin/changepw@$REALM,cn=$REALM,cn=kerberos,$SUFFIX";)
>  aci: (targetfilter="(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfUniqueNames)(objectClass=posixGroup))")(targetattr="*")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add,delete,read,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
> +aci: (targetattr = "givenName || sn || cn || displayName || initials || loginShell || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || userPassword")(version 3.0;acl "Self service";allow (write) userdn="ldap:///self";)
>   
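
Review bot: The added "Self service" aci at the end of this hunk has no target or targetfilter, so the write grant for userdn="ldap:///self" applies to any entry that can bind as itself, not only user entries. The "Account Admins" aci just above it scopes by targetfilter; the same could be done here, for example with (targetfilter="(objectClass=person)"), so that entries such as uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX are not covered. The attribute list also deserves a second look. It includes userPassword, while the Kpasswd aci in the context lines pairs userPassword with krbPrincipalKey, krbPasswordExpiration, krbPwdHistory and krbLastPwdChange. It is worth confirming that a direct self write to userPassword keeps those attributes consistent, or dropping userPassword from this list. manager and loginShell are also self-writable here, which should be a deliberate choice and documented in the commit message.
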
> ------------------------------------------------------------------------


-- 
Pete
