IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

permissions: add permissions for read and mod of external group members

Browse Source 
Issue: "User Administrator" role cannot add users to an External Group.

https://fedorahosted.org/freeipa/ticket/5504

Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Petr Vobornik
2016-06-23 17:42:17 +02:00
committed by Martin Basti
parent d4ad2c98aa
commit da5487c407
2 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
ipaserver/plugins/group.py
View File

@@ -194,6 +194,13 @@ class group(LDAPObject):
'member', 'memberof', 'memberuid', 'memberuser', 'memberhost',
},
},
'System: Read External Group Membership': {
'ipapermbindruletype': 'all',
'ipapermright': {'read', 'search', 'compare'},
'ipapermdefaultattr': {
'ipaexternalmember',
},
},
'System: Add Groups': {
'ipapermright': {'add'},
'replaces': [
@@ -216,6 +223,16 @@ class group(LDAPObject):
'Group Administrators', 'Modify Group membership'
},
},
'System: Modify External Group Membership': {
'ipapermright': {'write'},
'ipapermtargetfilter': [
'(objectclass=ipaexternalgroup)',
],
'ipapermdefaultattr': {'ipaexternalmember'},
'default_privileges': {
'Group Administrators', 'Modify Group membership'
},
},
'System: Modify Groups': {
'ipapermright': {'write'},
'ipapermdefaultattr': {