[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-devel] [PATCH] 581 remove enrolledBy when unenrolled



Dmitri Pal wrote:
Simo Sorce wrote:
On Fri, 15 Oct 2010 17:27:07 -0400
Rob Crittenden<rcritten redhat com>  wrote:


Remove the enrolledBy when a host is unenrolled (which is the same as
disabling the host).

ticket 301

rob


nack, if host can write enrolledBy it can fake info

Simo.


I agree. I think it should be "delete" rather than "write".


The delete permission is for entries, not for attributes.

I'll need to ask the 389-ds guys about how to do this, though I think it may be via an attr value aci which will require some work in our aci plugin because it doesn't currently support them.

rob


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]