[Freeipa-devel] [PATCH] 0640 Add managed read permissions for compat tree

Petr Viktorin pviktori at redhat.com
Fri Sep 5 11:51:47 UTC 2014


On 09/05/2014 01:34 PM, Alexander Bokovoy wrote:
> On Fri, 05 Sep 2014, Petr Viktorin wrote:
>> On 09/05/2014 09:18 AM, Martin Kosek wrote:
...
>>> Thanks! Looks sane to me. We would just need to remove Views related
>>> ACIs for
>>> the 4.0.x version that we will need for today.
>>
>> Thanks indeed!
>>
>> Here is the patched patch. The Read Operational Attributes permission
>> is split for createtimestamp/modifytimestamp/entryusn (anonymous) and
>> creatorsname/modifiersname (authenticated).
> Thanks! ACK.

Pushed to:
master: 418ce870bfbe13cea694a7b862cafe35c703f660
ipa-4-0: 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17
ipa-4-1: 9bcd88589e30d31d3f533cd42d2f816ef01b07c7

>> Only admins can read the cn=compat entry itself. I don't think that's
>> an issue though.
> It is an empty virtual entry that doesn't exist anywhere and is
> synthesized by slapi-nis on each request.

As with most containers, it's not very interesting, but if it's hidden 
its contents won't be listed in GUI browsers.
In the compat tree that's not much of an issue, hopefully.

-- 
Petr³



