On 11/04/2013 04:33 PM, Martin Kosek wrote:
On 11/04/2013 02:49 PM, Petr Viktorin wrote:
Hello,
During discussions about fine-grained read ACIs [0], it became clear that we
need to grant permissions to "all authenticated" and "all, even anonymous"
users.
Here is a design document for the feature:
http://www.freeipa.org/page/V3/Anonymous_and_All_permissions
[0] http://www.redhat.com/archives/freeipa-devel/2013-October/msg00050.html
Looks good to me. Pretty much reflects what were talking about in person.
Kudos for also writing the Test Cases. I am just thinking we may also want to
do some "functional" tests and e.g. add an anonymous permission to read some
hidden attribute and then to try to read it with anonymous LDAP search.
I'll have some functional tests in the upcoming read permissions design.
--
PetrĀ³
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel