mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
e137f305ed
Add ACIs which allow the members of the ipaservers host group to set up replication. This allows IPA hosts to perform replica promotion on themselves. A number of checks which need read access to certain LDAP entries is done during replica promotion. Add ACIs to allow these checks to be done using any valid IPA host credentials. https://fedorahosted.org/freeipa/ticket/5401 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
94 lines
3.4 KiB
Plaintext
94 lines
3.4 KiB
Plaintext
# Helpdesk roles
|
|
dn: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,$SUFFIX
|
|
default:objectClass: top
|
|
default:objectClass: groupofnames
|
|
default:objectClass: nestedgroup
|
|
default:cn: Modify Users and Reset passwords
|
|
default:description: Modify Users and Reset passwords
|
|
default:member: cn=helpdesk,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=Modify Group membership,cn=privileges,cn=pbac,$SUFFIX
|
|
default:objectClass: top
|
|
default:objectClass: groupofnames
|
|
default:objectClass: nestedgroup
|
|
default:cn: Modify Group membership
|
|
default:description: Modify Group membership
|
|
default:member: cn=helpdesk,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=User Administrator,cn=roles,cn=accounts,$SUFFIX
|
|
default:objectClass: groupofnames
|
|
default:objectClass: nestedgroup
|
|
default:objectClass: top
|
|
default:cn: User Administrator
|
|
default:description: Responsible for creating Users and Groups
|
|
|
|
dn: cn=User Administrators,cn=privileges,cn=pbac,$SUFFIX
|
|
add: member: cn=User Administrator,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=Group Administrators,cn=privileges,cn=pbac,$SUFFIX
|
|
add: member: cn=User Administrator,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=Stage User Administrators,cn=privileges,cn=pbac,$SUFFIX
|
|
default:objectClass: groupofnames
|
|
default:objectClass: nestedgroup
|
|
default:objectClass: top
|
|
default:cn: Stage User Administrators
|
|
default:description: Stage User Administrators
|
|
add: member: cn=User Administrator,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=IT Specialist,cn=roles,cn=accounts,$SUFFIX
|
|
default:objectClass: groupofnames
|
|
default:objectClass: nestedgroup
|
|
default:objectClass: top
|
|
default:cn: IT Specialist
|
|
default:description: IT Specialist
|
|
|
|
dn: cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX
|
|
add:member: cn=IT Specialist,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=Host Group Administrators,cn=privileges,cn=pbac,$SUFFIX
|
|
add:member: cn=IT Specialist,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
|
|
add:member: cn=IT Specialist,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=Automount Administrators,cn=privileges,cn=pbac,$SUFFIX
|
|
add:member: cn=IT Specialist,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=IT Security Specialist,cn=roles,cn=accounts,$SUFFIX
|
|
default:objectClass: groupofnames
|
|
default:objectClass: nestedgroup
|
|
default:objectClass: top
|
|
default:cn: IT Security Specialist
|
|
default:description: IT Security Specialist
|
|
|
|
dn: cn=Netgroups Administrators,cn=privileges,cn=pbac,$SUFFIX
|
|
add:member: cn=IT Security Specialist,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=HBAC Administrator,cn=privileges,cn=pbac,$SUFFIX
|
|
add:member: cn=IT Security Specialist,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=Sudo administrator,cn=privileges,cn=pbac,$SUFFIX
|
|
add:member: cn=IT Security Specialist,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=Security Architect,cn=roles,cn=accounts,$SUFFIX
|
|
default:objectClass: groupofnames
|
|
default:objectClass: nestedgroup
|
|
default:objectClass: top
|
|
default:cn: Security Architect
|
|
default:description: Security Architect
|
|
|
|
dn: cn=Delegation Administrator,cn=privileges,cn=pbac,$SUFFIX
|
|
add:member: cn=Security Architect,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=Replication Administrators,cn=privileges,cn=pbac,$SUFFIX
|
|
add:member: cn=ipaservers,cn=hostgroups,cn=accounts,$SUFFIX
|
|
add:member: cn=Security Architect,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX
|
|
add:member: cn=Security Architect,cn=roles,cn=accounts,$SUFFIX
|
|
|
|
dn: cn=Password Policy Administrator,cn=privileges,cn=pbac,$SUFFIX
|
|
add:member: cn=Security Architect,cn=roles,cn=accounts,$SUFFIX
|
|
|