I added some more documentation and examples to the aci plugin on ticket 310



Running behind with reviews, sorry. Just a few minor fixes:

s/"This is primarily meant to be able to allow users to add/remove
members of a specific group only."/"This is primarily designed to
users to add or remove members of a specific group."

(I _think_ I understood that ok, and didn't change the meaning.
If this target is only designed for this purpose, you don't need
"primarily". If it does something else, what is it?)

I couldn't grok 100% the "subtree" target description.

s/"... the ACI is allowed to do, they are one or more of:"/"... the ACI
is allowed to do, and are one or more of:"

For consistency's sake, s/lets/allows/ etc. Also see below:
allows members of the "addusers" taskgroup
lets members of the editors... group?
lets members of the admin group

You might need to review the examples a bit.


Updated patch.


Ok, the right updated patch this time.

I might be nit-picking now...

This might be a function of how the underlying code works in combination
with using US English, but why do we have both "zip code" and "postal

+ Add an ACI that allows members of the admin group manage the street
and zipcode of those in the editors group:
+ ipa aci-add --permissions=write --memberof=editors --group=admins
--attrs=street,postalcode "admins edit address of editors"
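
Review bot: the description line says "zipcode" while the command passes --attrs=street,postalcode, so the prose and the example disagree on the attribute name. A reader who copies the name from the prose would write --attrs=street,zipcode; the description should use the same names as the --attrs value, for example "the street and postalcode attributes". The same line also needs "to" before "manage".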

If "postalcode" is required in the ACI, and "Zip Code" is en-US, then
that's fine.

"...the admin group TO manage..."
"admins edit THE address of editors"

Like I said, this might be nit-picking for man pages, but what can I
say? I'm a writer.

ACK from me with those couple of updates.

Yeah, the LDAP attribute is postalCode.

Updates applied, pushed to master.



