On Fri, 08 Oct 2010 15:07:53 -0400
Rob Crittenden <rcrit...@redhat.com> wrote:

> Rob Crittenden wrote:
> > Disallow writes on serverHostName, enrolledBy and memberOf
> >
> > Regular users already can't write these, it just affects admins.
> >
> > serverHostName because this is tied to the FQDN so should only be
> > changed on a host rename (which we don't do).
> >
> > enrolledBy because this should reflect relality.
> >
> > memberOf because the plugin should do this. Directly manging this
> > attribute would be pretty dangerous and confusing.
> >
> > Also remove a redundant aci granting the admins group write access
> > to users and groups. They have it with through the "admins can
> > modify any entry" aci.
> >
> > tickets 300, 302, 304
> >
> > rob
> 
> Updated patch. We need to allow writing enrolledBy so we can actually 
> enroll a host! I'll have to prevent writes to this by other means or 
> through a more specific aci.
> 
> rob

ACK.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to