[Freeipa-devel] [PATCH] 0507 Allow anonymous read access to containers

Petr Viktorin pviktori at redhat.com
Tue Apr 8 08:34:52 UTC 2014

On 04/07/2014 05:00 PM, Simo Sorce wrote:
> On Mon, 2014-04-07 at 16:43 +0200, Martin Kosek wrote:
>> On 04/03/2014 01:34 PM, Petr Viktorin wrote:
>>> Hello,
>>> This adds anonymous read access to containers, as discussed in this thread:
>>> https://www.redhat.com/archives/freeipa-devel/2014-March/msg00442.html
>>> Additionally access is granted for $SUFFIX itself with targetfilter
>>> "(objectclass=domain)", and attributes objectclass, dc, info, nisDomain,
>>> associatedDomain.
>>> These are raw ACIs, not permission-based ones.
>> Starting a new sub-thread to differential from the LDIF/update file fixes.
>> I tested the new ACI and it worked ok for me (is a prerequisite for easy
>> testing of the subsequent ACI patches). I assume you plan to handle cn=etc tree
>> in other patch.
>> ACK from me in that case (not pushing right now to let Simo raise any concerns
>> he may have).

Thanks, pushed to master: 0e659983a6454370021a748d7534cad9febd6cc1

>> Martin
> I do not have any concern on the ACI itself, I only mused about ldif
> +update vs update only, sorry if I gave the worng impression.
> Simo.


More information about the Freeipa-devel mailing list