ipaserver.plugins.baseuser.fix_addressbook_permission_bindrule

ipaserver.plugins.baseuser.fix_addressbook_permission_bindrule(name, template, is_new, anonymous_read_aci, **other_options)[source]

Fix bind rule type for Read User Addressbook/IPA Attributes permission

When upgrading from an old IPA that had the global read ACI, or when installing the first replica with granular read permissions, we need to keep allowing anonymous access to many user attributes. This fixup_function changes the bind rule type accordingly.