On 07/14/2014 05:00 PM, Jan Cholasta wrote:
> Hi,
>
> On 14.7.2014 11:50, Tomas Babej wrote:
>> Hi,
>>
>> Since recent permissions work references this entry, we need to be
>> able to have memberOf attributes created on this entry. Hence we
>> need to include the nestedgroup objectclass.
>>
>> https://fedorahosted.org/freeipa/ticket/4433
>
> NACK, "default" will not work for IPA upgrades, you have to use "add".
>

Oops, thanks for the catch, fixed.

-- 
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org 

>From 17e92ccb08edeac2e36748e11a705ec2233ef1c3 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Thu, 10 Jul 2014 17:26:25 +0200
Subject: [PATCH] trusts: Make cn=adtrust agents sysaccount nestedgroup

Since recent permissions work references this entry, we need to be
able to have memberOf attributes created on this entry. Hence we
need to include the nestedgroup objectclass.

https://fedorahosted.org/freeipa/ticket/4433
---
 install/updates/60-trusts.update | 1 +
 1 file changed, 1 insertion(+)

diff --git a/install/updates/60-trusts.update b/install/updates/60-trusts.update
index d55bc94bbe917571999bcc7dfb6e6aaf641c4b49..9dabc806e2f747c47ab809cd2ed2150b2a13c2a6 100644
--- a/install/updates/60-trusts.update
+++ b/install/updates/60-trusts.update
@@ -11,6 +11,7 @@ default: nsAccountLock: FALSE
 default: ipaUniqueID: autogenerate
 
 dn: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX
+add: objectClass: nestedgroup
 default: objectClass: GroupOfNames
 default: objectClass: top
 default: cn: adtrust agents
-- 
1.9.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to