IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix the change_password permissions and the DNS access controls.

Browse Source 
The change_password permission was too broad, limit it to users.

The DNS access controls rolled everything into a single ACI. I broke
it out into separate ACIs for add, delete and add. I also added a new
dns type for the permission plugin.

ticket 628
This commit is contained in:
Rob Crittenden
2010-12-17 15:04:47 -05:00
committed by Adam Young
parent b66c680f86
commit 1207a7c83f
4 changed files with 33 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ipalib/plugins/aci.py
View File

@@ -135,6 +135,7 @@ _type_map = {
'hostgroup': 'ldap:///cn=*,%s,%s' % (api.env.container_hostgroup, api.env.basedn),
'service': 'ldap:///krbprincipalname=*,%s,%s' % (api.env.container_service, api.env.basedn),
'netgroup': 'ldap:///ipauniqueid=*,%s,%s' % (api.env.container_netgroup, api.env.basedn),
'dns': 'ldap:///idnsname=*,%s,%s' % (api.env.container_dns, api.env.basedn),
}
_valid_permissions_values = [
@@ -378,7 +379,7 @@ class aci(Object):
cli_name='type',
label=_('Type'),
doc=_('type of IPA object (user, group, host, hostgroup, service, netgroup)'),
values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup'),
values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dns',),
),
Str('memberof?',
cli_name='memberof',