JR Aquino wrote:
On 1/20/11 10:05 AM, "Rob Crittenden"<[email protected]> wrote:
Simo Sorce wrote:
On Wed, 19 Jan 2011 17:51:56 -0500
Rob Crittenden<[email protected]> wrote:
+aci: (targetattr = "member || memberOf || memberHost ||
memberUser")(version 3.0; acl "No anonymous access to member
information"; deny (read,search,compare) userdn != "ldap:///all";;)
Nack, without 'member', nss_ldap will have no way to determine
posixAccount group memberships using anonymous access (the default).
Simo.
Ok, dropped member and added an aci for cn=roles.
rob
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
pushed to master
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
