63becae Set user addressbook/IPA attribute read ACI to anonymous on upgrades from 3.x

Authored and Committed by pviktori 9 years ago
    Set user addressbook/IPA attribute read ACI to anonymous on upgrades from 3.x
    
    When upgrading from an "old" IPA, or installing the first "new" replica,
    we need to keep allowing anonymous access to many user attributes.
    
    Add an optional 'fixup_function' to the managed permission templates,
    and use it to set the bind rule type to 'anonymous' when installing
    (or upgrading to) the first "new" master.
    
    This assumes that the anonymous read ACI will be removed in a "new" IPA.
    
    Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
    
    Reviewed-By: Martin Kosek <mkosek@redhat.com>
    
file modified
+17 -0