From 8c6c93125f344ca117cc24b2e96c55b1d9ae31bd Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Jun 22 2010 17:56:17 +0000
Subject: Add separate role group for enrolling hosts, enrollhost
---
diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update
index 77dca72..fa8d2af 100644
--- a/install/updates/40-delegation.update
+++ b/install/updates/40-delegation.update
@@ -79,6 +79,12 @@ add:cn: replicaadmin
 add:description: Replication Administrators
 add:member:'uid=admin,cn=users,cn=accounts,$SUFFIX'
+dn: cn=enrollhost,cn=rolegroups,cn=accounts,$SUFFIX
+add:objectClass: top
+add:objectClass: nestedgroup
+add:cn: enrollhost
+add:description: Host Enrollment
+
 # Add the taskgroups referenced by the ACIs for user administration
 dn: cn=taskgroups,cn=accounts,$SUFFIX
@@ -465,6 +471,7 @@ add:objectClass: nestedgroup
 add:cn: manage_host_keytab
 add:description: Manage host keytab
 add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
+add:member:'cn=enrollhost,cn=rolegroups,cn=accounts,$SUFFIX'
 # Add the ACI needed to do host keytab admin
 dn: $SUFFIX
@@ -482,6 +489,7 @@ add:objectClass: nestedgroup
 add:cn: enroll_host
 add:description: Enroll a host
 add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
+add:member:'cn=enrollhost,cn=rolegroups,cn=accounts,$SUFFIX'
 # Add the ACI needed to do host enrollment. When this occurs we
 # set the krbPrincipalName, add krbPrincipalAux to objectClass and
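Review bot: The new `cn=enrollhost` entry in the first hunk (-79/+79) has no leading comment and no `add:member:` line, unlike the `replicaadmin` entry just above it, which adds `uid=admin`. An empty role is presumably deliberate, so that enrollment rights are only handed out by an explicit later assignment, but nothing in the file says so. If that is the intent, I would add a comment above the `dn:` line such as `# Role for delegated host enrollment; created with no members on purpose`. The `replicaadmin` entry begins outside the hunk, so its full definition cannot be compared here.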
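Review bot: Adding `cn=enrollhost` to the `manage_host_keytab` taskgroup (hunk at -465/+471) gives the enrollment role whatever the host keytab ACI grants, and that ACI is attached at `dn: $SUFFIX` with its body outside the hunk, so its target cannot be checked from here. If it applies to every host entry rather than only to hosts that have no key yet, a delegated enrollment account could also replace the keytab of an already enrolled host, which is broader than the role name suggests. Please confirm the ACI scope and record the reason next to the new line, e.g. `# enrollhost: enrollment must set the new host's keytab`. The same membership is added to `enroll_host` in the hunk at -482/+489, where it matches the stated purpose of the role.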