freeipa/ipaserver/install
Christian Heimes 9dda004f27 Allow permissions with 'self' bindruletype
Make it possible to create a managed permission with
ipapermbindruletype="self". The ACI will have bind rule
'(userdn = "ldap:///self")'.

Example
-------

Allow users to modify their own fasTimezone and fasIRCNick attributes:

```
managed_permissions = {
    "System: Self-Modify FAS user attributes": {
        "ipapermright": {"write"},
        "ipapermtargetfilter": ["(objectclass=fasuser)"],
        "ipapermbindruletype": "self",
        "ipapermdefaultattr": ["fasTimezone", "fasIRCNick"],
    }
}
```

See: https://github.com/fedora-infra/freeipa-fas/pull/107
Fixes: https://pagure.io/freeipa/issue/8348
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-06-07 10:18:03 +03:00
..
plugins Allow permissions with 'self' bindruletype 2020-06-07 10:18:03 +03:00
server Remove obsolete BIND named.conf options 2020-06-05 09:23:57 +02:00
__init__.py Remove __all__ specifications in ipaclient and ipaserver.install 2013-09-06 15:42:33 +02:00
adtrust.py Use api.env.container_sysaccounts 2020-04-28 11:28:29 +02:00
adtrustinstance.py Use api.env.container_sysaccounts 2020-04-28 11:28:29 +02:00
bindinstance.py Remove obsolete BIND named.conf options 2020-06-05 09:23:57 +02:00
ca.py move MSCSTemplate classes to ipalib 2019-07-17 17:58:58 +03:00
cainstance.py Secure AJP connector between Dogtag and Apache proxy 2020-03-11 17:41:17 +01:00
certs.py removed unused function export_pem_p12 2019-12-17 09:18:37 +01:00
conncheck.py install: introduce installer class hierarchy 2016-11-11 12:17:25 +01:00
custodiainstance.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
dns.py Check for freeipa-server-dns package early 2020-05-15 14:24:00 +02:00
dnskeysyncinstance.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
dogtag.py Verify pki ini override early 2019-04-10 13:43:23 +02:00
dogtaginstance.py pki-proxy: Don't rely on running apache until it's configured 2020-03-18 16:36:36 +02:00
dsinstance.py Fix E714 test for object identity should be 'is not' 2020-05-05 10:42:46 +02:00
httpinstance.py httpinstance: add ipa-ca.$DOMAIN alias in initial request 2020-03-25 11:13:03 +11:00
installutils.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
ipa_backup.py ipa-backup: Make sure all roles are installed on the current master. 2020-04-01 12:09:16 +02:00
ipa_cacert_manage.py lint: Make Pylint-2.4 happy again 2020-02-12 18:08:32 +02:00
ipa_cert_fix.py avoid realm_to_serverid deprecation warning 2019-05-29 12:49:27 +10:00
ipa_crlgen_manage.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
ipa_kra_install.py Fix E722 do not use bare 'except' 2020-05-05 10:42:46 +02:00
ipa_ldap_updater.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
ipa_otptoken_import.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
ipa_pkinit_manage.py PKINIT: fix ipa-pkinit-manage enable|disable 2018-12-05 11:06:21 +01:00
ipa_replica_install.py Enable replica install info logging to match ipa-server-install 2018-11-01 13:08:58 +01:00
ipa_restore.py ipa-restore: restart services at the end 2020-03-13 15:30:09 +01:00
ipa_server_certinstall.py Move realm_to_serverid/ldap_uri to ipaldap 2019-02-05 08:39:13 -05:00
ipa_server_install.py Improve console logging for ipa-server-install 2018-06-20 08:38:03 +02:00
ipa_server_upgrade.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipa_trust_enable_agent.py ipa-adtrust-install: run remote configuration for new agents 2020-03-05 14:40:58 +01:00
ipa_winsync_migrate.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipactl.py ipa_client_automount.py and ipactl.py: fix codestyle 2019-06-28 10:53:07 +02:00
kra.py krainstance: set correct issuer DN in uid=ipakra entry 2019-10-17 08:17:46 +02:00
krainstance.py Secure AJP connector between Dogtag and Apache proxy 2020-03-11 17:41:17 +01:00
krbinstance.py Move certauth configuration into a server krb5.conf template 2019-09-10 12:33:21 +03:00
ldapupdate.py Skip commented lines after substitution 2019-11-05 11:48:28 -05:00
odsexporterinstance.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
opendnssecinstance.py opendnssec2.1 support: move all ods tasks to specific file 2020-03-12 21:48:25 +01:00
otpdinstance.py Enable pylint missing-final-newline check 2015-12-23 07:59:22 +01:00
replication.py Use api.env.container_sysaccounts 2020-04-28 11:28:29 +02:00
schemaupdate.py logging: do not use ipa_log_manager to create module-level loggers 2017-07-14 15:55:59 +02:00
service.py Fix E722 do not use bare 'except' 2020-05-05 10:42:46 +02:00
sysupgrade.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
upgradeinstance.py Move realm_to_serverid/ldap_uri to ipaldap 2019-02-05 08:39:13 -05:00