mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
0ba64b1ac3
Extend Web UI logic to decide whether default Web UI view should have a full menu or should be confined to a self-service interface. Standard logic in FreeIPA Web UI is to combine two facts: * for IPA users membership in `admins` group is used to indicate full menu should be shown * for AD users the fact that ID override object is presented by IPA `whoami` command is used to confine to a self-service interface With the change to allow user ID overrides from a default trust view to be members of groups and roles, we can unify the administrative privileges checks for both IPA and AD users. Fixed: https://pagure.io/freeipa/issue/8335 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Ground rules on adding new schema Brand new schema, particularly when written specifically for IPA, should be added in share/*.ldif. Any new files need to be explicitly loaded in ipaserver/install/dsinstance.py. These simply get copied directly into the new instance schema directory. Existing schema (e.g. in an LDAP draft) may either be added as a separate ldif in share or as an update in the updates directory. The advantage of adding the schema as an update is if 389-ds ever adds the schema then the installation won't fail due to existing schema failing to load during bootstrap. If the new schema requires a new container then this should be added to install/bootstrap-template.ldif.