IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Use mixed-case for Read DNS Entries permission

Browse Source 
https://fedorahosted.org/freeipa/ticket/2569
This commit is contained in:
Rob Crittenden 2012-04-20 11:07:47 -04:00 committed by Martin Kosek
parent 4d66cc07dc
commit 0423213148
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
install/share/dns.ldif
View File

@ -4,7 +4,7 @@ objectClass: idnsConfigObject
objectClass: nsContainer
objectClass: top
cn: dns
aci: (targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX") and (groupdn != "ldap:///cn=read dns entries,cn=permissions,cn=pbac,$SUFFIX");)
aci: (targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX") and (groupdn != "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX");)
dn: $SUFFIX
changetype: modify
@ -57,12 +57,12 @@ description: Update DNS entries
member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
member: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
dn: cn=read dns entries,cn=permissions,cn=pbac,$SUFFIX
dn: cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
objectClass: ipapermission
cn: read dns entries
cn: Read DNS Entries
description: Read DNS entries
ipapermissiontype: SYSTEM
member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX

6
ipaserver/install/plugins/dns.py
View File

@ -100,13 +100,13 @@ class update_dns_permissions(PostUpdate):
'member:cn=DNS Servers,cn=privileges,cn=pbac,%s' \
% api.env.basedn]
_read_dns_perm_dn = DN('cn=read dns entries',
_read_dns_perm_dn = DN('cn=Read DNS Entries',
api.env.container_permission,
api.env.basedn)
_read_dns_perm_entry = ['objectClass:top',
'objectClass:groupofnames',
'objectClass:ipapermission',
'cn:read dns entries',
'cn:Read DNS Entries',
'description:Read DNS entries',
'ipapermissiontype:SYSTEM',
'member:cn=DNS Administrators,cn=privileges,cn=pbac,%s' \
@ -118,7 +118,7 @@ class update_dns_permissions(PostUpdate):
_write_dns_aci_entry = ['add:aci:\'(targetattr = "idnsforwardpolicy || idnsforwarders || idnsallowsyncptr || idnszonerefresh || idnspersistentsearch")(target = "ldap:///cn=dns,%(realm)s")(version 3.0;acl "permission:Write DNS Configuration";allow (write) groupdn = "ldap:///cn=Write DNS Configuration,cn=permissions,cn=pbac,%(realm)s";)\'' % dict(realm=api.env.basedn)]
_read_dns_aci_dn = DN(api.env.container_dns, api.env.basedn)
_read_dns_aci_entry = ['add:aci:\'(targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,%(realm)s") and (groupdn != "ldap:///cn=read dns entries,cn=permissions,cn=pbac,%(realm)s");)\'' % dict(realm=api.env.basedn) ]
_read_dns_aci_entry = ['add:aci:\'(targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,%(realm)s") and (groupdn != "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,%(realm)s");)\'' % dict(realm=api.env.basedn) ]
def execute(self, **options):
ldap = self.obj.backend