mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-30 10:47:08 -06:00
bc0c606885
Implement the caacl commands, which are used to indicate which principals may be issued certificates from which (sub-)CAs, using which profiles. At this commit, and until sub-CAs are implemented, all rules refer to the top-level CA (represented as ".") and no ca-ref argument is exposed. Also, during install and upgrade add a default CA ACL that permits certificate issuance for all hosts and services using the profile 'caIPAserviceCert' on the top-level CA. Part of: https://fedorahosted.org/freeipa/ticket/57 Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Martin Basti <mbasti@redhat.com>
22 lines
999 B
Plaintext
22 lines
999 B
Plaintext
# Expand attributes checked by Referential Integrity plugin
|
|
# pres and eq indexes defined in 20-indices.update must be set for all these
|
|
# attributes
|
|
# NOTE: migration to new style is done in update_referint.py
|
|
dn: cn=referential integrity postoperation,cn=plugins,cn=config
|
|
add: referint-membership-attr: manager
|
|
add: referint-membership-attr: secretary
|
|
add: referint-membership-attr: memberuser
|
|
add: referint-membership-attr: memberhost
|
|
add: referint-membership-attr: sourcehost
|
|
add: referint-membership-attr: memberservice
|
|
add: referint-membership-attr: managedby
|
|
add: referint-membership-attr: memberallowcmd
|
|
add: referint-membership-attr: memberdenycmd
|
|
add: referint-membership-attr: ipasudorunas
|
|
add: referint-membership-attr: ipasudorunasgroup
|
|
add: referint-membership-attr: ipatokenradiusconfiglink
|
|
add: referint-membership-attr: ipaassignedidview
|
|
add: referint-membership-attr: ipaallowedtarget
|
|
add: referint-membership-attr: ipamemberca
|
|
add: referint-membership-attr: ipamembercertprofile
|