IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Implement support for non-LDAP-based actions that use the LDAP ACI subsystem.

Browse Source 
There are some operations, like those for the certificate system, that
don't need to write to the directory server. So instead we have an entry
that we test against to determine whether the operation is allowed or not.

This is done by attempting a write on the entry. If it would succeed then
permission is granted. If not then denied. The write we attempt is actually
invalid so the write itself will fail but the attempt will fail first if
access is not permitted, so we can distinguish between the two without
polluting the entry.
This commit is contained in:
Rob Crittenden
2009-07-10 16:40:39 -04:00
parent 5149803873
commit e31d5fb1cf
5 changed files with 230 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ipalib/constants.py
View File

@@ -96,6 +96,7 @@ DEFAULT_CONFIG = (
('container_netgroup', 'cn=ng,cn=alt'),
('container_hbac', 'cn=hbac'),
('container_dns', 'cn=dns'),
('container_virtual', 'cn=virtual operations'),
# Ports, hosts, and URIs:
('lite_xmlrpc_port', 8888),