From a3524ba0f45271b6d9f7c42731a0a67b797357be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tibor=20Dudl=C3=A1k?= <tibor.dudlak@gmail.com>
Date: Wed, 24 May 2017 11:02:19 +0200
Subject: [PATCH] Add permission to grant 'add' on cas container

    https://pagure.io/freeipa/issue/6609
---
 ipaserver/install/plugins/update_managed_permissions.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ipaserver/install/plugins/update_managed_permissions.py b/ipaserver/install/plugins/update_managed_permissions.py
index 33983fd107..05af4cc3aa 100644
--- a/ipaserver/install/plugins/update_managed_permissions.py
+++ b/ipaserver/install/plugins/update_managed_permissions.py
@@ -291,6 +291,14 @@
             'ipadomainlevel', 'objectclass',
         },
     },
+    'System: Grant add on CAS container': {
+        'replaces_global_anonymous_aci': True,
+        'ipapermlocation': DN('cn=cas,cn=ca', api.env.basedn),
+        'ipapermtargetfilter': {'(objectclass=nscontainer)'},
+        'ipapermbindruletype': 'permission',
+        'ipapermright': {'add'},
+        'default_privileges': {'CA Administrator'},
+    },
 }
 
 
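Review bot: The `'replaces_global_anonymous_aci': True` key on the new 'System: Grant add on CAS container' entry looks out of place: the entry grants `add` under bind rule type `permission` and lists no attributes, whereas that flag, as far as I know, only concerns read permissions that took over from the legacy global anonymous read ACI. If it has no effect here, dropping it would keep a write grant from reading as anonymous-related; if it is needed, a comment should say why. It would also help to add a comment above the entry, e.g. `# Lets CA Administrator create nsContainer entries under cn=cas,cn=ca (issue 6609)`, so the scope of the grant (target filter `(objectclass=nscontainer)`, privilege 'CA Administrator') is explicit to anyone auditing managed permissions. The enclosing dictionary starts outside the hunk, so how sibling entries use the flag cannot be checked from here.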
