Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Now that IPA is the reference, allow users to change their own attributes

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2020-08-31 22:58:51 +02:00
parent e200f371dc
commit b2cdf5dc62
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
1 changed files with 0 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

10
roles/ipa/server/files/configure-ipa.sh
View file

@ -8,15 +8,5 @@ trap cleanup EXIT
echo $ADMIN_PASSWORD | kinit admin
# Disallow all users to change their own settings
ipa selfservice-find | grep "Self-service name:" | sed -e "s/ Self-service name: //" | \
while read line
do
echo "Removing $line"
ipa selfservice-del "$line"
done
# Disable default permissions so we don't break our privacy policy
ipa permission-mod "System: Read User Addressbook Attributes" --bindtype=permission
# TODO: Add custom permissions to grant specific access to user attributes