On Fri, 08 Oct 2010 15:07:53 -0400
Rob Crittenden <rcrit...@redhat.com> wrote:
> Rob Crittenden wrote:
> > Disallow writes on serverHostName, enrolledBy and memberOf
> > Regular users already can't write these, it just affects admins.
> > serverHostName because this is tied to the FQDN so should only be
> > changed on a host rename (which we don't do).
> > enrolledBy because this should reflect relality.
> > memberOf because the plugin should do this. Directly manging this
> > attribute would be pretty dangerous and confusing.
> > Also remove a redundant aci granting the admins group write access
> > to users and groups. They have it with through the "admins can
> > modify any entry" aci.
> > tickets 300, 302, 304
> > rob
> Updated patch. We need to allow writing enrolledBy so we can actually
> enroll a host! I'll have to prevent writes to this by other means or
> through a more specific aci.
Simo Sorce * Red Hat, Inc * New York
Freeipa-devel mailing list