Add managedby to Host entries

This will allow others to provision on behalf of the host.

ticket 280
Rob Crittenden
2010-11-10 16:47:29 -05:00
committed by Adam Young
parent 2046eddb7a
commit d4f25453e1
6 changed files with 154 additions and 6 deletions


@@ -51,3 +51,11 @@ changetype: modify
add: aci
aci: (targetattr="userCertificate || krbLastPwdChange")(version 3.0; acl "Hosts can modify service userCertificate"; allow(write) userdn = "ldap:///self";)
# Define which hosts can edit other hosts
# The managedby attribute stores the DN of hosts that are allowed to manage
# another host.
dn: cn=computers,cn=accounts,$SUFFIX
changetype: modify
add: aci
aci: (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)
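Review bot: The bind rule `userattr = "parent[0,1].managedby#USERDN"` in the added ACI also honours a managedby value one level up, so a DN listed in managedby on cn=computers itself would gain write access to userCertificate and krbPrincipalKey on every host entry beneath it. If that inheritance is not intended, `userattr = "managedby#USERDN"` keeps the grant to the managers named on the host entry itself. The comment says managedby stores host DNs, but nothing in the rule restricts the bind DN to a host, so any DN placed there (user or service) gets the same rights. Because write on krbPrincipalKey lets a manager replace the host's Kerberos key, it is worth confirming that managedby is writable only by administrators (not visible in this hunk), and adding a comment such as `# managedby grants write on the host's keys and certificate; restrict who may set it` above the ACI.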