Issue #4087: Users cannot add their own tokens - freeipa

freeipa

#4087 Users cannot add their own tokens

Closed: Fixed None Opened 10 years ago by npmccallum.

This is currently denied by the FreeIPA ACIs. We essentially need this:

(target =
"ldap:///ipatokenuniqueid=*,cn=otp,dc=example,dc=com")(targetfilter =
"(objectClass=ipaToken)")(version 3.0; acl "otptoken-add-delete"; allow
(add, delete) userattr = "ipatokenOwner#USERDN";)

However, this doesn't currently work with 389ds because of this bug:
https://fedorahosted.org/389/ticket/47653

npmccallum commented 10 years ago

https://www.redhat.com/archives/freeipa-devel/2014-February/msg00059.html

pviktori commented 10 years ago

master:

a91c097 Update ACIs to permit users to add/delete their own tokens

Metadata Update from @npmccallum:
- Issue assigned to npmccallum
- Issue set to the milestone: FreeIPA 4.0 - 2014/02

7 years ago

Metadata

Assignee

npmccallum

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.0 - 2014/02

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

OTP

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#4087 Users cannot add their own tokens Closed: Fixed None Opened 10 years ago by npmccallum.

Metadata

#4087 Users cannot add their own tokens

Closed: Fixed None Opened 10 years ago by npmccallum.