On 04/07/2014 05:00 PM, Simo Sorce wrote:
On Mon, 2014-04-07 at 16:43 +0200, Martin Kosek wrote:
On 04/03/2014 01:34 PM, Petr Viktorin wrote:
Hello,
This adds anonymous read access to containers, as discussed in this thread:
https://www.redhat.com/archives/freeipa-devel/2014-March/msg00442.html
Additionally access is granted for $SUFFIX itself with targetfilter
"(objectclass=domain)", and attributes objectclass, dc, info, nisDomain,
associatedDomain.
These are raw ACIs, not permission-based ones.
Starting a new sub-thread to differential from the LDIF/update file fixes.
I tested the new ACI and it worked ok for me (is a prerequisite for easy
testing of the subsequent ACI patches). I assume you plan to handle cn=etc tree
in other patch.
ACK from me in that case (not pushing right now to let Simo raise any concerns
he may have).
Thanks, pushed to master: 0e659983a6454370021a748d7534cad9febd6cc1
Martin
I do not have any concern on the ACI itself, I only mused about ldif
+update vs update only, sorry if I gave the worng impression.
Simo.
--
PetrĀ³
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
