freeipa

Clone
Source Code
GIT

120bab0 trust: allow trust agents to read POSIX identities of trust

1 file Authored by abbra 5 years ago, Committed by cheimes 5 years ago,
raw patch tree parent
1 file changed. 1 lines added. 0 lines removed.
install/updates/60-trusts.update
file modified
+1 -0 
    trust: allow trust agents to read POSIX identities of trust
    
    SSSD and Samba on IPA masters need to be able to look up POSIX
    attributes of trusted domain objects in order to allow Active Directory
    domain controllers from trusted forests to connect to LSA and NETLOGON
    pipes.
    
    We only have access to read POSIX attributes in cn=accounts,$SUFFIX
    subtree rather than whole $SUFFIX. Thus, add an ACI to trusts subtree.
    
    Fixes: https://pagure.io/freeipa/issue/6077
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
file modified
+1 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.