https://bugzilla.redhat.com/show_bug.cgi?id=634301
Only going to do this in the plugin, not as an ACI, to prevent accidental overwriting.
disallow writes on some attrs freeipa-566-write.patch
Oh, hrm, I forgot about host enrollment, this will break it. New patch coming.
The enrolledBy attribute was addressed by a later patch, this is fixed.
master: 9726941
attachment freeipa-rcrit-813-enrolledby.patch
I think that enrolledBy got added back as a mistake but I can't be sure.
I do remember have a discussion with Simo related to this type of field, if not this particular one. It is difficult to write an aci with sufficient logic to allow some updates and disallow others.
So enrolledBy won't be removed during unenrollment, but it will be updated when a host is enrolled.
master: 37e3bf2
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1 - 2011/07
Login to comment on this ticket.