Read access is given to all authenticated users. -- Petr³
From fe73d63509aba200d94e7d50c0143881965f8701 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <[email protected]>
Date: Wed, 26 Mar 2014 17:11:23 +0100
Subject: [PATCH] Add managed read permissions to realmdomains
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
 ipalib/plugins/realmdomains.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/ipalib/plugins/realmdomains.py b/ipalib/plugins/realmdomains.py
index 1928e48059b3ac9ab466d9e1e263a980033f04b2..923bca47d66d40c6eaf640c2951d02a35b7cc616 100644
--- a/ipalib/plugins/realmdomains.py
+++ b/ipalib/plugins/realmdomains.py
@@ -58,9 +58,20 @@ class realmdomains(LDAPObject):
 List of domains associated with IPA realm.
 """
 container_dn = api.env.container_realm_domains
+ permission_filter_objectclasses = ['domainrelatedobject']
 object_name = _('Realm domains')
 search_attributes = ['associateddomain']
 default_attributes = ['associateddomain']
+ managed_permissions = {
+ 'System: Read Realm Domains': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'objectclass', 'cn', 'associateddomain',
+ },
+ },
+ }
 label = _('Realm Domains')
 label_singular = _('Realm Domains')
--
1.9.0
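Review bot: The `'System: Read Realm Domains'` entry has no comment explaining why `'ipapermbindruletype': 'all'` is combined with `'replaces_global_anonymous_aci': True`, and that pairing is the security-relevant part of the hunk: it appears to move realm-domain reads from anonymous binds to authenticated binds only. I would add a comment above the entry such as `# Readable by any authenticated bind; anonymous read is dropped when the global anonymous ACI is replaced.` How the flag is applied on upgrade is not visible here, so it is worth confirming that no caller reads `associateddomain` before it has authenticated. The class body starts and continues outside the hunk.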
