mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
9dda004f27
Make it possible to create a managed permission with ipapermbindruletype="self". The ACI will have bind rule '(userdn = "ldap:///self")'. Example ------- Allow users to modify their own fasTimezone and fasIRCNick attributes: ``` managed_permissions = { "System: Self-Modify FAS user attributes": { "ipapermright": {"write"}, "ipapermtargetfilter": ["(objectclass=fasuser)"], "ipapermbindruletype": "self", "ipapermdefaultattr": ["fasTimezone", "fasIRCNick"], } } ``` See: https://github.com/fedora-infra/freeipa-fas/pull/107 Fixes: https://pagure.io/freeipa/issue/8348 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> |
||
---|---|---|
.. | ||
build | ||
css | ||
doc | ||
images | ||
js | ||
less | ||
src | ||
test | ||
util | ||
favicon.ico | ||
Gruntfile.js | ||
ie.css | ||
index.html | ||
ipa.css | ||
jsl.conf | ||
Makefile.am | ||
package.json | ||
README-LICENSE.txt | ||
reset_password.html | ||
sync_otp.html |