mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
0be9888499
If trusted domain object (TDO) is lacking ipaAllowedToPerform;read_keys attribute values, it cannot be used by SSSD to retrieve TDO keys and the whole communication with Active Directory domain controllers will not be possible.

This seems to affect trusts which were created before ipaAllowedToPerform;read_keys permission granting was introduced (FreeIPA 4.2). Add back the default setting for the permissions which grants access to trust agents and trust admins.

Resolves: https://pagure.io/freeipa/issue/8067
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
41 lines
1.2 KiB
Plaintext
# first

# middle
plugin: update_ca_topology
plugin: update_ipaconfigstring_dnsversion_to_ipadnsversion
plugin: update_dnszones
plugin: update_dns_limits
plugin: update_sigden_extdom_broken_config
plugin: update_sids
plugin: update_default_range
plugin: update_default_trust_view
plugin: update_tdo_gidnumber
plugin: update_tdo_to_new_layout
plugin: update_host_cifs_keytabs
plugin: update_tdo_default_read_keys_permissions
plugin: update_ca_renewal_master
plugin: update_idrange_type
plugin: update_pacs
plugin: update_service_principalalias
plugin: update_fix_duplicate_cacrt_in_ldap
plugin: update_upload_cacrt
# update_ra_cert_store has to be executed after update_ca_renewal_master
plugin: update_ra_cert_store
plugin: update_mapping_Guests_to_nobody

# last
# DNS version 1
plugin: update_master_to_dnsforwardzones
# DNS version 2
plugin: update_dnsforward_emptyzones
plugin: update_managed_post
plugin: update_managed_permissions
plugin: update_read_replication_agreements_permission
plugin: update_idrange_baserid
plugin: update_passync_privilege_update
plugin: update_dnsserver_configuration_into_ldap
plugin: update_ldap_server_list
plugin: update_dna_shared_config
plugin: update_unhashed_password