[Freeipa-devel] [PATCHES] 0534-0535 Add several managed read permissions under cn=etc
Simo Sorce
ssorce at redhat.com
Wed Apr 23 12:48:09 UTC 2014
On Wed, 2014-04-23 at 13:42 +0200, Petr Viktorin wrote:
> This adds managed read permissions to cn=etc. Since these permissions
> are not bound to objects, the first patch adds support for those.
> They're defined in the update plugin.
>
> The second patch adds permissions for various subtrees/entries in
> cn=etc, according to the [discussion thread].
>
> I wonder if we should limit the attributes in cn=replication; are all
> nsds5replica attrs needed?
Nope, IIRC we use this object exclusively to set the next available
replica id.
> For cn=ad,cn=etc I put the permission in cn=etc and used a target,
> since
> cn=ad is not present by default.
>
ok.
Simo.
>
More information about the Freeipa-devel
mailing list