> On Nov 14, 2023, at 07:39, Christian Heimes via FreeIPA-users 
> <[email protected]> wrote:
> 
> 
> I noticed that your plugin creates a bunch of managed permissions, but has no 
> update code to wire them to privileges and roles. You have to add your 
> permissions to a privilege, either with "default_privileges" in the managed 
> permission or manually with an LDAP update. My code has some examples:
> 
> https://github.com/podengo-project/ipa-hcc/blob/4a3998191099ef062fe54d7e1ca64ef31b0338be/install/server/updates/85-hcc.update#L59

Thanks a lot for your answer.

I am a bit confused here. What should be an appropriate default_privileges 
value so that a system account can read all the entries/attributes below 
cn=mailserver,cn=etc? 


> I noticed that your 75-mailserver.update has a bug. You are not assigning a 
> value to the RDN "cn" attribute. You want:
> 
> dn: cn=mailserver,cn=etc,$SUFFIX
> default: objectclass: top
> default: objectclass: nsContainer
> only: cn: mailserver
> 

Thank you Christian. Does it mean that the 
cn=postfixadmin,cn=mailserver,cn=etc,$SUFFIX also needs an «only» statement?


> 
> Also you are creating new objects for default attributes and managed 
> permissions. Instead you should extend / update the existing objects:
> 
> user.default_attributes.extend(['alias', ...])
> user.managed_permissions.update(
>   {
>       'System: Read User Mail Attributes': {...},
>   }
> )
> 

Thanks!
> -- 
> Christian Heimes
> Principal Software Engineer, Identity Management and Platform Security
> 
> Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael 
> O'Neill
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue
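
An added example, not part of the thread and not FreeIPA's own tooling: a small lint that applies the quoted advice about the RDN "cn" attribute to every entry of an update file that carries `default:` lines. The set of value-assigning keywords, the function names and the sample entries are assumptions made for illustration.

```python
# Keywords assumed to assign attribute values in an IPA .update file.
ASSIGNING = {"default", "add", "only", "addifnew"}

# Constructed sample modelled on the entries named in the thread.
SAMPLE = """\
dn: cn=mailserver,cn=etc,$SUFFIX
default: objectclass: top
default: objectclass: nsContainer
only: cn: mailserver

dn: cn=postfixadmin,cn=mailserver,cn=etc,$SUFFIX
default: objectclass: top
default: objectclass: nsContainer

dn: cn=Mail Readers,cn=privileges,cn=pbac,$SUFFIX
add: member: uid=postfix,cn=sysaccounts,cn=etc,$SUFFIX
"""

def parse_update(text):
    """Split update-file text into (dn, [(keyword, attr, value), ...]) entries."""
    entries, dn, directives = [], None, []
    for raw in text.splitlines() + [""]:
        line = raw.strip()
        if line.startswith("#"):
            continue
        if not line or line.lower().startswith("dn:"):
            if dn is not None:            # blank line or new dn closes the entry
                entries.append((dn, directives))
            dn, directives = (line[3:].strip() or None) if line else None, []
        elif dn is not None:
            parts = [p.strip() for p in line.split(":", 2)]
            if len(parts) == 3:           # keyword: attribute: value
                directives.append((parts[0].lower(), parts[1].lower(), parts[2]))
    return entries

def missing_rdn(text):
    """DNs of entries that can be created (have default:) but never set their RDN."""
    flagged = []
    for dn, directives in parse_update(text):
        # Naive RDN split: escaped commas and multi-valued RDNs are not handled.
        attr, _, value = dn.split(",", 1)[0].partition("=")
        attr, value = attr.strip().lower(), value.strip().lower()
        creates = any(k == "default" for k, _, _ in directives)
        assigned = any(k in ASSIGNING and a == attr and v.lower() == value
                       for k, a, v in directives)
        if creates and not assigned:
            flagged.append(dn)
    return flagged
```

Entries that only modify an existing object, such as the constructed privilege entry with a single `add:` line, are not flagged.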