Dmitri Pal wrote:
Adam Young wrote:
On 12/13/2010 11:27 AM, Dmitri Pal wrote:


Sorry this whole part just does not make sense to me. What is the target
group? Where it came from?


One ACI that uses this is 'add_user_to_default_group. This is used in
the permission 'useradmin'.


  The json response for permission-show looks like this:
|{
||    "error": null,
||    "id": 2,
||    "result": {
||        "result": {
||            "attributelevelrights": {
||                "aci": "rscwo",
||                "businesscategory": "rscwo",
||                "cn": "rscwo",
||                "description": "rscwo",
||                "member": "rscwo",
||                "nsaccountlock": "rscwo",
||                "o": "rscwo",
||                "objectclass": "rscwo",
||                "ou": "rscwo",
||                "owner": "rscwo",
||                "seealso": "rscwo"
||            },
||            "attrs": [
||                "member"
||            ],
||            "cn": [
||                "add_user_to_default_group"
||            ],
||            "description": [
||                "Add user to default group"
||            ],
||            "dn": 
"cn=add_user_to_default_group,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel||,dc=redhat,dc=com",
||            "member_privilege": [
||                "useradmin"
||            ],
||            "objectclass": [
||                "top",
||                "groupofnames"
||            ],
||            "permissions": [
||                "write"
||            ],
||            "targetgroup": 
"ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc||=redhat,dc=com"
||        },
||        "summary": null,
||        "value": "add_user_to_default_group"
||    }
||}|

IMO this is a special case and should end up in the generic LDAP filter.
Rob it seems this case is unclear and we need to sort it out.


A targetgroup lets you manage a specific group. In this case it grants permission to manage the membership of the ipausers group.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to