On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote: > On 04/08/2014 02:25 PM, Petr Viktorin wrote: > > Hello, > > These add read permissions to read user groups and hostgroups. > > > > For most attributes, anonymous read access is given. > > For member, memberOf, memberUID, read access is given only to authenticated > > users. > > Didn't we agree that we want to make hostgroups read by authenticated users > only? Just like we did with netgroups. CCing Simo to confirm. > > Besides the default bind type, the ACI looked ok.
I forgot if we decided anything about hostgroups, but they are not necessary for an anonymous reader so we may as well not server them in that case. Simo. _______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel