On 04/03/2014 12:09 PM, Petr Viktorin wrote:
> Hello,
> This adds read permissions to read HBAC rules, services, and service groups.
> 
> Read access is given to all authenticated users.

So far looked OK in my tests. What about the ACIs like the following one?

(targetattr = "*")(version 3.0; acl "No anonymous access to hbac"; deny
(read,search,compare) userdn != "ldap:///all";;)

Do we want to remove them together with this patch to have the change grouped
together with allow ACIs or do you plan to remove all similar deny ACIs at
once? (together with the master read ACI)

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to