IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-12 17:21:55 -06:00
Code Issues Packages Projects Releases Wiki Activity
c08296adff
freeipa/install/share/dns.ldif
Rob Crittenden 7bd3b3e121 Fix DNS permissions and membership in privileges 
This resolves two issues:

1. The DNS acis lacked a prefix so weren't tied to permissions
2. The permissions were added before the privileges so the member
   values weren't calculated properly

For updates we need to add in the members and recalculate memberof via
a DS task.

https://fedorahosted.org/freeipa/ticket/1898
2011-10-09 23:44:22 -04:00

56 lines
2.4 KiB
Plaintext
Raw Blame History

dn: cn=dns,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: dns
dn: $SUFFIX
changetype: modify
add: aci
aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:add dns entries";allow (add) groupdn = "ldap:///cn=add dns entries,cn=permissions,cn=pbac,$SUFFIX";)
aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:remove dns entries";allow (delete) groupdn = "ldap:///cn=remove dns entries,cn=permissions,cn=pbac,$SUFFIX";)
aci: (targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "permission:update dns entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX";)
dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
cn: DNS Administrators
description: DNS Administrators
dn: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
cn: DNS Servers
description: DNS Servers
dn: cn=add dns entries,cn=permissions,cn=pbac,$SUFFIX
changetype: add
objectClass: groupofnames
objectClass: top
cn: add dns entries
description: Add DNS entries
member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
member: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
dn: cn=remove dns entries,cn=permissions,cn=pbac,$SUFFIX
changetype: add
objectClass: groupofnames
objectClass: top
cn: remove dns entries
description: Remove DNS entries
member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
member: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
dn: cn=update dns entries,cn=permissions,cn=pbac,$SUFFIX
changetype: add
objectClass: groupofnames
objectClass: top
cn: update dns entries
description: Update DNS entries
member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
member: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
Reference in New Issue View Git Blame Copy Permalink