On 4.7.2014 14:49, Petr Viktorin wrote:

The dns-is-enabled command, used by the Web UI to determine if DNS pages
should be displayed, queries '(&(objectClass=ipaConfigObject)(cn=DNS))' in
cn=masters. However, currently the service entries are not accessible to all
users, so the check will fail for non-admins.

We talked about this with Martin and agreed that there's no sensitive
information in the service entries.
This patch grants read access to all authenticated users.

Simo, is this OK?

BTW this information has to be available anyway. It will be necessary for automatic NS record management.

(After all, it doesn't make sense to require user input for NS records because valid values can be simply enumerated from LDAP.)

Petr^2 Spacek

Freeipa-devel mailing list

Reply via email to