Commit - freeipa - bc0c60688505968daf6851e3e179aab20e23af7d

    Add CA ACL plugin
    
    Implement the caacl commands, which are used to indicate which
    principals may be issued certificates from which (sub-)CAs, using
    which profiles.
    
    At this commit, and until sub-CAs are implemented, all rules refer
    to the top-level CA (represented as ".") and no ca-ref argument is
    exposed.
    
    Also, during install and upgrade add a default CA ACL that permits
    certificate issuance for all hosts and services using the profile
    'caIPAserviceCert' on the top-level CA.
    
    Part of: https://fedorahosted.org/freeipa/ticket/57
    Part of: https://fedorahosted.org/freeipa/ticket/4559
    
    Reviewed-By: Martin Basti <mbasti@redhat.com>

ACI.txt

file modified

+10 -0

API.txt

file modified

+184 -0

VERSION

file modified

+2 -2

install/share/60certificate-profiles.ldif

file modified

+5 -0

install/share/Makefile.am

file modified

+1 -0

install/share/bootstrap-template.ldif

file modified

+6 -0

install/share/default-caacl.ldif

file added

+11

install/share/indices.ldif

file modified

+20 -0

install/updates/20-indices.update

file modified

+18 -0

install/updates/25-referint.update

file modified

+2 -0

install/updates/41-caacl.update

file added

install/updates/Makefile.am

file modified

+1 -0

ipalib/constants.py

file modified

+1 -0

ipalib/plugins/caacl.py

file added

+477

ipaserver/install/dsinstance.py

file modified

+4 -0

ipaserver/install/server/upgrade.py

file modified

+25 -0

freeipa

Source Code

bc0c606 Add CA ACL plugin

16 files Authored by ftweedal 6 years ago, Committed by jcholast 6 years ago,

`bc0c606` Add CA ACL plugin