[Freeipa-devel] [PATCH] 0529 Add managed read permission to trusts

Martin Kosek mkosek at redhat.com
Thu Apr 17 06:26:53 UTC 2014


On 04/16/2014 06:56 PM, Sumit Bose wrote:
> On Wed, Apr 16, 2014 at 04:59:55PM +0300, Alexander Bokovoy wrote:
>> On Wed, 16 Apr 2014, Simo Sorce wrote:
...
>>> Can you please list exactly which ones are needed ?
...
>>   - objectclass ipaIDRange
>>     - cn
>>     - ipaBaseID
>>     - ipaIDRangeSize
>>     - ipaBaseRID
>>     - ipaSecondaryBaseRID
> 
> iparangetype and ipanttrusteddomainsid are needed as well.
> 
> bye,
> Sumit
> 

Thanks. But in the case of ID Ranges we are safe, as we exposed all ID range
attributes to all authenticated users (hosts). Trust objects are different; we
plan to have at least 2 permissions so that only needed attributes are exposed.

Martin