freeipa/install
Petr Vobornik 7710bfb5bd Association facets are read only in self service
This patch works with assumption that user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from group, role, hbac rule, net group, sudo rule. He can only read the attributes. Therefore in self service mode all user association facets are set read only.

Checkingi and working with the actual rights would require significantly bigger effort.

https://fedorahosted.org/freeipa/ticket/1972
2011-12-12 19:14:46 +00:00
..
conf Revert "Always require SSL in the Kerberos authorization block." 2011-09-27 08:54:42 +02:00
html Fixed inconsistent image names. 2011-10-27 14:05:12 +00:00
migration ticket 2022 - modify codebase to utilize IPALogManager, obsoletes logging 2011-11-23 09:36:18 +01:00
po Ticket 1718 - Fix Spanish po translation file 2011-10-11 22:46:02 -04:00
share Add SELinux user mapping framework. 2011-12-09 16:46:25 +02:00
tools Ask for user confirmation in ipa-server-install 2011-12-07 14:45:09 +01:00
ui Association facets are read only in self service 2011-12-12 19:14:46 +00:00
updates Add SELinux user mapping framework. 2011-12-09 16:46:25 +02:00
configure.ac Fixed inconsistent image names. 2011-10-27 14:05:12 +00:00
Makefile.am rename static to ui 2011-01-20 14:12:47 +00:00
README.schema Add some basic rules for adding new schema 2010-08-27 13:40:37 -04:00

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These simply get copied directly into
the new instance schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is if 389-ds ever adds the schema then the
installation won't fail due to existing schema failing to load during
bootstrap.

If the new schema requires a new container then this should be added
to install/bootstrap-template.ldif.