mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-12 09:11:55 -06:00
0be9888499
If trusted domain object (TDO) is lacking ipaAllowedToPerform;read_keys attribute values, it cannot be used by SSSD to retrieve TDO keys and the whole communication with Active Directory domain controllers will not be possible. This seems to affect trusts which were created before ipaAllowedToPerform;read_keys permission granting was introduced (FreeIPA 4.2). Add back the default setting for the permissions which grants access to trust agents and trust admins. Resolves: https://pagure.io/freeipa/issue/8067 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| adtrust.py | ||
| ca_renewal_master.py | ||
| dns.py | ||
| fix_replica_agreements.py | ||
| rename_managed.py | ||
| update_ca_topology.py | ||
| update_dna_shared_config.py | ||
| update_fix_duplicate_cacrt_in_ldap.py | ||
| update_idranges.py | ||
| update_ldap_server_list.py | ||
| update_managed_permissions.py | ||
| update_nis.py | ||
| update_pacs.py | ||
| update_passsync.py | ||
| update_ra_cert_store.py | ||
| update_referint.py | ||
| update_services.py | ||
| update_unhashed_password.py | ||
| update_uniqueness.py | ||
| upload_cacrt.py | ||