mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Make main selfservice aci visible to the selfservice plugin.
ticket 934
This commit is contained in:
parent
121da04579
commit
d9eb19b0e8
@ -15,10 +15,10 @@ aci: (targetattr = "krbPrincipalName || krbCanonicalName || krbUPEnabled || krbM
|
||||
aci: (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
|
||||
aci: (targetattr = "*")(target = "ldap:///cn=*,ou=SUDOers,$SUFFIX")(version 3.0; acl "No anonymous access to sudo"; deny (read,search,compare) userdn != "ldap:///all";)
|
||||
|
||||
dn: cn=users,cn=accounts,$SUFFIX
|
||||
dn: $SUFFIX
|
||||
changetype: modify
|
||||
add: aci
|
||||
aci: (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeeType || businesscategory || ou")(version 3.0;acl "Self service";allow (write) userdn = "ldap:///self";)
|
||||
aci: (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)
|
||||
|
||||
dn: cn=etc,$SUFFIX
|
||||
changetype: modify
|
||||
|
Loading…
Reference in New Issue
Block a user