[Freeipa-devel] [PATCH] 0507 Allow anonymous read access to containers
Martin Kosek
mkosek at redhat.com
Mon Apr 7 14:43:32 UTC 2014
On 04/03/2014 01:34 PM, Petr Viktorin wrote:
> Hello,
> This adds anonymous read access to containers, as discussed in this thread:
> https://www.redhat.com/archives/freeipa-devel/2014-March/msg00442.html
>
> Additionally access is granted for $SUFFIX itself with targetfilter
> "(objectclass=domain)", and attributes objectclass, dc, info, nisDomain,
> associatedDomain.
>
> These are raw ACIs, not permission-based ones.
Starting a new sub-thread to differential from the LDIF/update file fixes.
I tested the new ACI and it worked ok for me (is a prerequisite for easy
testing of the subsequent ACI patches). I assume you plan to handle cn=etc tree
in other patch.
ACK from me in that case (not pushing right now to let Simo raise any concerns
he may have).
Martin
More information about the Freeipa-devel
mailing list