[Freeipa-devel] [PATCH] 728 default roles

Rob Crittenden rcritten at redhat.com
Mon Feb 21 15:50:02 UTC 2011


Jakub Hrozek wrote:
> On Mon, Feb 21, 2011 at 10:11:38AM -0500, Rob Crittenden wrote:
>> Rob Crittenden wrote:
>>> Jakub Hrozek wrote:
>>>>
>>>> On 02/17/2011 04:35 AM, Rob Crittenden wrote:
>>>>> Add default roles and permissions for HBAC, SUDO and pw policy
>>>>>
>>>>> Created some default roles as examples. In doing so I realized that we
>>>>> were completely missing default rules for HBAC, SUDO and password policy
>>>>> so I added those as well.
>>>>>
>>>>> I ran into a problem when the updater has a default record and an add at
>>>>> the same time; it should handle it better now.
>>>>>
>>>>> ticket 585
>>>>>
>>>>> rob
>>>>>
>>>>
>>>> I'm not sure about the HBAC rules ACIs. They are specified as:
>>>>
>>>> 'target = "ldap:///cn=*,cn=hbac,$SUFFIX"'
>>>>
>>>> while HBAC rules' DN is:
>>>>
>>>> 'ipauniqueid=*,cn=hbac,$SUFFIX'.
>>>>
>>>> But HBAC rules do have a cn: attribute, so maybe the ACIs would work?
>>>
>>> No, you're right, this is wrong. I'll fix it up and resubmit.
>>>
>>>>
>>>> The patch also needs rebasing on top of recent changes to
>>>> install/updates/Makefile.am
>>>>
>>>> Other than that, looks OK to me.
>>>>
>>>> btw when I was reviewing this patch, I noticed we add a "DNS
>>>> Administrators" privilege in dns.ldif. Would it make sense to add DNS
>>>> administration to "Security Architect" (replication management) and "IT
>>>> Specialist" (hosts management)?
>>>
>>> The DNS stuff is added only if DNS is enabled on the server so I can't
>>> add them by default.
>>>
>>> rob
>>
>> Updated patch.
>>
>> rob
>
> Interdiff looks fine, but I'm not able to apply the patch (not even
> 3-way merge), can you rebase?

done
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-728-3-roles.patch
Type: application/mbox
Size: 20835 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110221/c2cf2c63/attachment.mbox>
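The target/DN mismatch raised in the review, as an added example that is not part of the thread or of the FreeIPA patch: a simplified model of ACI target matching, which compares the target pattern with the entry's DN string and never consults the entry's attributes. The suffix, the sample entry, the helper names and the corrected target (written in the DN form quoted in the thread) are assumptions made for illustration.

```python
import re

SUFFIX = "dc=example,dc=com"  # constructed stand-in for $SUFFIX

# Constructed sample HBAC rule: the RDN is ipaUniqueID, and cn is only an attribute.
HBAC_RULE = {
    "dn": f"ipaUniqueID=0a1b2c3d-constructed,cn=hbac,{SUFFIX}",
    "cn": ["allow_all"],
}


def normalize_dn(dn):
    """Lower-case a DN and trim spaces around ',' and '=' (no escaped commas)."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def target_matches(aci_target, entry_dn):
    """True if entry_dn matches the ACI target pattern.

    Simplified model (assumption): '*' matches any run of characters and
    subtree scope is ignored. Only the DN string is compared.
    """
    pattern = aci_target
    if pattern.startswith("ldap:///"):
        pattern = pattern[len("ldap:///"):]
    pattern = normalize_dn(pattern)
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, normalize_dn(entry_dn)) is not None


def check(target_template, entry=HBAC_RULE):
    """Expand $SUFFIX in a target template and test it against the entry's DN."""
    return target_matches(target_template.replace("$SUFFIX", SUFFIX), entry["dn"])


if __name__ == "__main__":
    for target in ("ldap:///cn=*,cn=hbac,$SUFFIX",
                   "ldap:///ipauniqueid=*,cn=hbac,$SUFFIX"):
        print(target, "->", "matches" if check(target) else "no match")
```
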

