[Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts
Sumit Bose
sbose at redhat.com
Wed Apr 16 16:56:25 UTC 2014
On Wed, Apr 16, 2014 at 04:59:55PM +0300, Alexander Bokovoy wrote:
> On Wed, 16 Apr 2014, Simo Sorce wrote:
> >On Wed, 2014-04-16 at 16:15 +0300, Alexander Bokovoy wrote:
> >>On Wed, 16 Apr 2014, Simo Sorce wrote:
> >>>> + 'ipanttrusteddomainsid', 'ipanttrustforesttrustinfo',
> >>>> + 'ipanttrustposixoffset',
> >>>> 'ipantsupportedencryptiontypes',
> >>>> + 'ipantsidblacklistincoming',
> >>>> 'ipantsidblacklistoutgoing',
> >>>> + # ipaNTDomainAttrs:
> >>>> + 'ipantsecurityidentifier', 'ipantflatname',
> >>>> 'ipantdomainguid',
> >>>> + 'ipantfallbackprimarygroup',
> >>>> + },
> >>>> + },
> >>>> + }
> >>>>
> >>>> label = _('Trusts')
> >>>> label_singular = _('Trust')
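Review bot: the attribute list added in this hunk is broader than the one consumer named in the thread requires. Of the names visible here, only 'ipanttrusteddomainsid', 'ipantsecurityidentifier' and 'ipantflatname' appear in the SSSD subdomains list given further down; 'ipanttrustforesttrustinfo', 'ipanttrustposixoffset', 'ipantsupportedencryptiontypes', 'ipantsidblacklistincoming', 'ipantsidblacklistoutgoing', 'ipantdomainguid' and 'ipantfallbackprimarygroup' have no stated reader. Suggest moving those into a separate, more restricted permission, or at least extending the grouping comments (as '# ipaNTDomainAttrs:' does for the object class) to name the component that needs each attribute, so the read scope can be checked against actual consumers.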
> >>>
> >>>In general I am not sure all authenticated users need access to all this
> >>>info. Alexander ?
> >>SSSD needs to read some of this information for subdomains support.
> >>That would be at least host/*@REALM who needs to access it.
> >
> >Can you please list exactly which ones are needed ?
> SSSD subdomains support needs:
> - objectclasses ipaNTTrustedDomain/ipaNTDomainAttrs
> - ipaNTFlatName
> - ipaNTSecurityIdentifier
> - ipaNTTrustedDomainSID
> - cn
>
> - objectclass ipaIDRange
> - cn
> - ipaBaseID
> - ipaIDRangeSize
> - ipaBaseRID
> - ipaSecondaryBaseRID

iparangetype and ipanttrusteddomainsid are needed as well.

bye,
Sumit

> >
> >Simo.
>
> --
> / Alexander Bokovoy
>