ipaserver.plugins.baseuser.fix_addressbook_permission_bindrule¶
- ipaserver.plugins.baseuser.fix_addressbook_permission_bindrule(name, template, is_new, anonymous_read_aci, **other_options)[source]¶
Fix bind rule type for Read User Addressbook/IPA Attributes permission
When upgrading from an old IPA that had the global read ACI, or when installing the first replica with granular read permissions, we need to keep allowing anonymous access to many user attributes. This fixup_function changes the bind rule type accordingly.