[Freeipa-devel] [PATCH] 581 remove enrolledBy when unenrolled
Rob Crittenden
rcritten at redhat.com
Mon Oct 18 13:40:56 UTC 2010
Dmitri Pal wrote:
> Simo Sorce wrote:
>> On Fri, 15 Oct 2010 17:27:07 -0400
>> Rob Crittenden <rcritten at redhat.com> wrote:
>>
>>
>>> Remove the enrolledBy when a host is unenrolled (which is the same as
>>> disabling the host).
>>>
>>> ticket 301
>>>
>>> rob
>>>
>>
>> nack, if host can write enrolledBy it can fake info
>>
>> Simo.
>>
>>
> I agree. I think it should be "delete" rather than "write".
>
The delete permission is for entries, not for attributes.
I'll need to ask the 389-ds guys about how to do this, though I think it
may be via an attr value aci which will require some work in our aci
plugin because it doesn't currently support them.
rob