modifyprivilegemembership permission object class in LDAP should be groupofnames, not nestedgroup.
https://fedorahosted.org/freeipa/ticket/858
>From 3d488962ea23d60cfdbf60b4f520d85575d3cdd2 Mon Sep 17 00:00:00 2001 From: Martin Kosek <[email protected]> Date: Fri, 28 Jan 2011 11:14:24 +0100 Subject: [PATCH] modifyprivilegemembership permission has nestedgroup OC modifyprivilegemembership permission object class in LDAP should be groupofnames, not nestedgroup. https://fedorahosted.org/freeipa/ticket/858 --- install/share/delegation.ldif | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif index 415d3090b75b0b72904b7cc6a702d1ca2d6c50c2..f04c4ae06cf6682d728162f3d71a4a053f69e7f9 100644 --- a/install/share/delegation.ldif +++ b/install/share/delegation.ldif @@ -340,7 +340,7 @@ member: cn=delegationadmin,cn=privileges,cn=pbac,$SUFFIX dn: cn=modifyprivilegemembership,cn=permissions,cn=pbac,$SUFFIX changetype: add objectClass: top -objectClass: nestedgroup +objectClass: groupofnames cn: modifyprivilegemembership description: Modify privilege membership member: cn=delegationadmin,cn=privileges,cn=pbac,$SUFFIX -- 1.7.3.5
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
