On 04/16/2014 06:56 PM, Sumit Bose wrote: > On Wed, Apr 16, 2014 at 04:59:55PM +0300, Alexander Bokovoy wrote: >> On Wed, 16 Apr 2014, Simo Sorce wrote: ... >>> Can you please list exactly which ones are needed ? ... >> - objectclass ipaIDRange >> - cn >> - ipaBaseID >> - ipaIDRangeSize >> - ipaBaseRID >> - ipaSecondaryBaseRID > > iparangetype and ipanttrusteddomainsid are needed as well. > > bye, > Sumit >
Thanks. But in case of ID Ranges we are safe as we exposed all ID range attributes to all authenticated users (hosts). Trust objects are different, we plan to have at least 2 permissions so that only needed attributes are exposed. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
