freeipa/install
Petr Viktorin e951f18416 permissions: Use multivalued targetfilter
Change the target filter to be multivalued.

Make the `type` option on permissions set location and an
(objectclass=...) targetfilter, instead of location and target.
Make changing or unsetting `type` remove existing
(objectclass=...) targetfilters only, and similarly,
changing/unsetting `memberof` to remove (memberof=...) only.

Update tests

Part of the work for: https://fedorahosted.org/freeipa/ticket/4074

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-02-20 13:11:41 +01:00
..
certmonger Convert remaining installer code to LDAPEntry API. 2014-01-24 20:29:31 +01:00
conf Use only system fonts 2014-01-21 12:05:09 +01:00
ffextension Kerberos authentication extension makefiles 2012-10-04 18:07:34 -04:00
html Load updated Web UI files after server upgrade 2013-10-16 18:06:30 +02:00
migration Use IPAdmin rather than raw python-ldap in migration.py and ipadiscovery.py 2013-03-13 12:36:33 +01:00
po Use /usr/bin/python2 2014-01-03 09:46:05 +01:00
restart_scripts Convert remaining installer code to LDAPEntry API. 2014-01-24 20:29:31 +01:00
share permissions: Use multivalued targetfilter 2014-02-20 13:11:41 +01:00
tools ipactl can not restart ipa services if current status is stopped 2014-02-19 17:47:57 +01:00
ui Trust domains Web UI 2014-01-21 12:24:54 +01:00
updates Update ACIs to permit users to add/delete their own tokens 2014-02-13 19:43:29 +01:00
wsgi Generate plugin index dynamically 2013-05-06 16:22:30 +02:00
configure.ac RCUE initial commit 2014-01-21 12:04:02 +01:00
Makefile.am Change group ownership of CRL publish directory 2013-07-16 12:17:40 +02:00
README.schema Add some basic rules for adding new schema 2010-08-27 13:40:37 -04:00

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These simply get copied directly into
the new instance schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is if 389-ds ever adds the schema then the
installation won't fail due to existing schema failing to load during
bootstrap.

If the new schema requires a new container then this should be added
to install/bootstrap-template.ldif.