On 04/07/2014 05:00 PM, Simo Sorce wrote:
On Mon, 2014-04-07 at 16:43 +0200, Martin Kosek wrote:
On 04/03/2014 01:34 PM, Petr Viktorin wrote:
This adds anonymous read access to containers, as discussed in this thread:

Additionally access is granted for $SUFFIX itself with targetfilter
"(objectclass=domain)", and attributes objectclass, dc, info, nisDomain,

These are raw ACIs, not permission-based ones.

Starting a new sub-thread to differential from the LDIF/update file fixes.

I tested the new ACI and it worked ok for me (is a prerequisite for easy
testing of the subsequent ACI patches). I assume you plan to handle cn=etc tree
in other patch.

ACK from me in that case (not pushing right now to let Simo raise any concerns
he may have).

Thanks, pushed to master: 0e659983a6454370021a748d7534cad9febd6cc1


I do not have any concern on the ACI itself, I only mused about ldif
+update vs update only, sorry if I gave the worng impression.



Freeipa-devel mailing list

Reply via email to