Fix: Add managed read permissions for compat tree and operational attrs

This is a fix for an earlier version, which was committed by mistake as: master: 418ce870bf ipa-4-0: 3e2c86aeab ipa-4-1: 9bcd88589e Thanks to Alexander Bokovoy for contributions https://fedorahosted.org/freeipa/ticket/4521
2025-02-25 18:55:28 -06:00 · 2014-09-05 15:25:29 +02:00
parent c50dff2282
commit 68d656f80a
6 changed files with 32 additions and 10 deletions
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -204,12 +204,12 @@ class group(LDAPObject):
        },
        'System: Read Group Compat Tree': {
            'non_object': True,
-            'ipapermbindruletype': 'all',
+            'ipapermbindruletype': 'anonymous',
            'ipapermlocation': api.env.basedn,
            'ipapermtarget': DN('cn=groups', 'cn=compat', api.env.basedn),
            'ipapermright': {'read', 'search', 'compare'},
            'ipapermdefaultattr': {
-                'objectclass', 'cn', 'memberuid',
+                'objectclass', 'cn', 'memberuid', 'gidnumber',
            },
        },
    }