[Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts
Alexander Bokovoy
abokovoy at redhat.com
Wed Apr 16 13:59:55 UTC 2014
On Wed, 16 Apr 2014, Simo Sorce wrote:
>On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote:
>> On Wed, 16 Apr 2014, Simo Sorce wrote:
>> >> + 'ipanttrusteddomainsid', 'ipanttrustforesttrustinfo',
>> >> + 'ipanttrustposixoffset',
>> >> 'ipantsupportedencryptiontypes',
>> >> + 'ipantsidblacklistincoming',
>> >> 'ipantsidblacklistoutgoing',
>> >> + # ipaNTDomainAttrs:
>> >> + 'ipantsecurityidentifier', 'ipantflatname',
>> >> 'ipantdomainguid',
>> >> + 'ipantfallbackprimarygroup',
>> >> + },
>> >> + },
>> >> + }
>> >>
>> >> label = _('Trusts')
>> >> label_singular = _('Trust')
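Review bot: the attribute list in this hunk (the trust attributes and the group under the "# ipaNTDomainAttrs:" comment) is wider than what the one consumer named in this thread reads. SSSD subdomains support is said to need only ipantflatname, ipantsecurityidentifier, ipanttrusteddomainsid and cn, while the list also makes ipanttrustforesttrustinfo, ipanttrustposixoffset, ipantsupportedencryptiontypes, ipantsidblacklistincoming, ipantsidblacklistoutgoing, ipantdomainguid and ipantfallbackprimarygroup readable. Consider splitting this into two permissions: a narrow one carrying the attributes SSSD needs, and a second one for the remaining attributes bound to something tighter than all authenticated users. A comment beside each attribute group naming the consumer that requires it would also help.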
>> >
>> >In general I am not sure all authenticated users need access to all this
>> >info. Alexander ?
>> SSSD needs to read some of this information for subdomains support.
>> That would be at least host/*@REALM who needs to access it.
>
>Can you please list exactly which ones are needed ?
SSSD subdomains support needs:
- objectclasses ipaNTTrustedDomain/ipaNTDomainAttrs
  - ipaNTFlatName
  - ipaNTSecurityIdentifier
  - ipaNTTrustedDomainSID
  - cn
- objectclass ipaIDRange
  - cn
  - ipaBaseID
  - ipaIDRangeSize
  - ipaBaseRID
  - ipaSecondaryBaseRID
>
>Simo.
>
>
>
--
/ Alexander Bokovoy