mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Remove faulty DNS memberOf Task
This task was added with a DN colliding with privilege update memberOf task being run later and caused this task to be ineffective and thus miss some privilege membership, like "SELinux User Map Administrators" DNS update plugin do not need to run any task at all as privileges will be updated later in scope of 55-pbacmemberof.update https://fedorahosted.org/freeipa/ticket/3877
This commit is contained in:
Martin Kosek
Petr Viktorin
parent
3a4a7458c7
commit
b1451373c4
@ -1,5 +1,6 @@
|
||||
# Add missing member values to attach permissions to their respective
|
||||
# privileges and run a memberOf task.
|
||||
# privileges
|
||||
# Memberof task is already being run in 55-pbacmemberof.update
|
||||
dn: cn=add dns entries,cn=permissions,cn=pbac,$SUFFIX
|
||||
addifexist:objectclass: ipapermission
|
||||
addifexist:member: 'cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX'
|
||||
@ -18,14 +19,6 @@ addifexist:member: 'cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX'
|
||||
dn: cn=Write DNS Configuration,cn=permissions,cn=pbac,$SUFFIX
|
||||
addifexist:objectclass: ipapermission
|
||||
|
||||
dn: cn=Update PBAC memberOf $TIME, cn=memberof task, cn=tasks, cn=config
|
||||
add: objectClass: top
|
||||
add: objectClass: extensibleObject
|
||||
add: cn: IPA PBAC memberOf $TIME
|
||||
add: basedn: 'cn=privileges,cn=pbac,$SUFFIX'
|
||||
add: filter: (objectclass=*)
|
||||
add: ttl: 10
|
||||
|
||||
# update DNS container
|
||||
dn: cn=dns, $SUFFIX
|
||||
addifexist: objectClass: idnsConfigObject
|
||||
|
||||
Loading…
Reference in New Issue
Block a user