On 11/04/2013 02:49 PM, Petr Viktorin wrote:
> Hello,
> During discussions about fine-grained read ACIs [0], it became clear that we
> need to grant permissions to "all authenticated" and "all, even anonymous" 
> users.
> Here is a design document for the feature:
> http://www.freeipa.org/page/V3/Anonymous_and_All_permissions
> [0] http://www.redhat.com/archives/freeipa-devel/2013-October/msg00050.html

Looks good to me. Pretty much reflects what were talking about in person.

Kudos for also writing the Test Cases. I am just thinking we may also want to
do some "functional" tests and e.g. add an anonymous permission to read some
hidden attribute and then to try to read it with anonymous LDAP search.


Freeipa-devel mailing list

Reply via email to