[Freeipa-devel] [PATCH] 0507 Allow anonymous read access to containers
Simo Sorce
simo at redhat.com
Thu Apr 3 13:28:15 UTC 2014
On Thu, 2014-04-03 at 15:19 +0200, Petr Viktorin wrote:
> On 04/03/2014 02:53 PM, Simo Sorce wrote:
> > On Thu, 2014-04-03 at 13:34 +0200, Petr Viktorin wrote:
> >> Hello,
> >> This adds anonymous read access to containers, as discussed in this
> >> thread:
> >> https://www.redhat.com/archives/freeipa-devel/2014-March/msg00442.html
> >>
> >> Additionally access is granted for $SUFFIX itself with targetfilter
> >> "(objectclass=domain)", and attributes objectclass, dc, info, nisDomain,
> >> associatedDomain.
> >>
> >> These are raw ACIs, not permission-based ones.
> >>
> >
> > Why is this not set in default-aci.ldif as well ?
> >
> > Simo.
>
> Because we don't want to duplicate information.
So are we removing default-aci.ldif completely ?
I think we already mentioned this, but I can hardly recall the
discussion, sorry.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list