[Freeipa-devel] [PATCH] 0507 Allow anonymous read access to containers

Simo Sorce simo at redhat.com
Mon Apr 7 15:00:54 UTC 2014


On Mon, 2014-04-07 at 16:43 +0200, Martin Kosek wrote:
> On 04/03/2014 01:34 PM, Petr Viktorin wrote:
> > Hello,
> > This adds anonymous read access to containers, as discussed in this thread:
> > https://www.redhat.com/archives/freeipa-devel/2014-March/msg00442.html
> > 
> > Additionally access is granted for $SUFFIX itself with targetfilter
> > "(objectclass=domain)", and attributes objectclass, dc, info, nisDomain,
> > associatedDomain.
> > 
> > These are raw ACIs, not permission-based ones.
> 
> Starting a new sub-thread to differentiate from the LDIF/update file fixes.
> 
> I tested the new ACI and it worked ok for me (it is a prerequisite for easy
> testing of the subsequent ACI patches). I assume you plan to handle cn=etc tree
> in another patch.
> 
> ACK from me in that case (not pushing right now to let Simo raise any concerns
> he may have).
> 
> Martin

I do not have any concern on the ACI itself, I only mused about ldif
+update vs update only, sorry if I gave the wrong impression.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



