[Freeipa-devel] [PATCH] 0616 Allow read access to services in cn=masters to auth'd users

Petr Spacek pspacek at redhat.com
Fri Jul 4 12:55:01 UTC 2014


On 4.7.2014 14:49, Petr Viktorin wrote:
> Hello,
>
> The dns-is-enabled command, used by the Web UI to determine if DNS pages
> should be displayed, queries '(&(objectClass=ipaConfigObject)(cn=DNS))' in
> cn=masters. However, currently the service entries are not accessible to all
> users, so the check will fail for non-admins.
>
> We talked about this with Martin and agreed that there's no sensitive
> information in the service entries.
> This patch grants read access to all authenticated users.
>
> Simo, is this OK?

BTW this information has to be available anyway. It will be necessary for 
automatic NS record management.

(After all, it doesn't make sense to require user input for NS records because 
valid values can be simply enumerated from LDAP.)

-- 
Petr^2 Spacek



