Commit Graph

10 Commits

Author SHA1 Message Date
Tibor Dudlák
468eb3c712 Add Role 'Enrollment Administrator'
User with the 'Enrollment Administrator' role assigned is able to
enroll client with ipa-client-install command.

Resolves: https://pagure.io/freeipa/issue/6852
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-06-09 16:37:40 +02:00
Jan Cholasta
e137f305ed aci: allow members of ipaservers to set up replication
Add ACIs which allow the members of the ipaservers host group to set up
replication. This allows IPA hosts to perform replica promotion on
themselves.

A number of checks which need read access to certain LDAP entries is done
during replica promotion. Add ACIs to allow these checks to be done using
any valid IPA host credentials.

https://fedorahosted.org/freeipa/ticket/5401

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2015-12-07 08:14:13 +01:00
Martin Basti
943c539122 ULC: fix: upgrade for stage Stage User Admins failed
Upgrade failed because entry 'dn: cn=Stage User
Administrators,cn=privileges,cn=pbac,$SUFFIX' doesnt exist.

Now upgrade will create the privilege if it does not exist.

https://fedorahosted.org/freeipa/ticket/3813

Reviewed-By: David Kupka <dkupka@redhat.com>
2015-06-02 13:50:19 +00:00
Thierry Bordaz
51937cc571 User life cycle: Stage user Administrators permission/priviledge
Creation of stage user administrator

https://fedorahosted.org/freeipa/ticket/3813

Reviewed-By: David Kupka <dkupka@redhat.com>
2015-05-18 09:37:21 +02:00
Martin Basti
5783d0c832 Server Upgrade: remove CSV from upgrade files
CSV values are not supported in upgrade files anymore

Instead of

   add:attribute: 'first, part', second

please use

  add:attribute: firts, part
  add:attribute: second

Required for ticket: https://fedorahosted.org/freeipa/ticket/4984

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-05-11 16:08:01 +00:00
Petr Viktorin
af366278b8 Convert Group default permissions to managed
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-06-24 13:53:40 +02:00
Petr Viktorin
53a63ae346 Convert User default permissions to managed
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-06-10 13:55:56 +02:00
Rob Crittenden
373e9d1cf8 Reorder privileges so that memberof for permissions are generated properly.
The privilege was added after the permission causing the memberof to not
be generated.

Add a new task to regenerate memberof for existing PBAC to fix upgrades.

https://fedorahosted.org/freeipa/ticket/2058
https://fedorahosted.org/freeipa/ticket/2059
https://fedorahosted.org/freeipa/ticket/2060
https://fedorahosted.org/freeipa/ticket/2061
2011-12-08 10:08:10 +01:00
Rob Crittenden
07ba40f33e Use Sudo rather than SUDO as a label.
ticket 1005
2011-03-01 16:48:35 -05:00
Rob Crittenden
ac68ea3c6c Add default roles and permissions for HBAC, SUDO and pw policy
Created some default roles as examples. In doing so I realized that
we were completely missing default rules for HBAC, SUDO and password
policy so I added those as well.

I ran into a problem when the updater has a default record and an add
at the same time, it should handle it better now.

ticket 585
2011-02-22 10:02:24 -05:00