add_managed_permission

First, create a managed permission entry as follows:

dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIX
cn: testperm
ipaPermBindRuleType: permission
ipaPermDefaultAttr: cn
ipaPermDefaultAttr: l
ipaPermDefaultAttr: o
ipaPermLocation: cn=users,cn=accounts,$SUFFIX
ipaPermRight: write
ipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIX
ipaPermissionType: SYSTEM
ipaPermissionType: V2
ipaPermissionType: MANAGED
objectClass: groupofnames
objectClass: ipapermission
objectClass: ipapermissionv2
objectClass: top

This corresponds to ipa permission-add testperm --type=user --permissions=write, with ipaPermissionType MANAGED and the ipaPermDefaultAttr values cn, l and o added on top of what permission-add writes.

Also create the corresponding ACI at cn=users,cn=accounts,$SUFFIX:

(targetattr = "cn || l || o")(target = "ldap:///uid=*,cn=users,cn=accounts,$SUFFIX")(version 3.0;acl "permission:testperm";allow (write) groupdn = "ldap:///cn=testperm,cn=permissions,cn=pbac,$SUFFIX";)

The first two tests check that this preparation was successful.
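As an added example (not FreeIPA's own code, which builds ACIs in ipalib/aci.py and the permission plugin), the script below derives the ACI from the testperm entry above and performs the consistency check the preparation step implies: the entry is flagged MANAGED, the ACI sits at ipaPermLocation, and its targetattr, target, rights and groupdn follow from the entry's attributes. It goes one step beyond the text by folding in ipaPermIncludedAttr and ipaPermExcludedAttr, the managed-permission override attributes, when computing the effective attribute set. The SUFFIX value, the minimal LDIF parser and the check_preparation helper are this example's assumptions.

```python
"""Derive the 389-DS ACI implied by a FreeIPA managed permission entry.

Added example, not FreeIPA's own code. The SUFFIX value, the minimal LDIF
parser and the check functions below are this example's own assumptions.
"""

SUFFIX = "dc=example,dc=test"  # constructed stand-in for $SUFFIX

# Constructed copy of the testperm entry from the text, with $SUFFIX filled in.
TESTPERM_LDIF = f"""\
dn: cn=testperm,cn=permissions,cn=pbac,{SUFFIX}
cn: testperm
ipaPermBindRuleType: permission
ipaPermDefaultAttr: cn
ipaPermDefaultAttr: l
ipaPermDefaultAttr: o
ipaPermLocation: cn=users,cn=accounts,{SUFFIX}
ipaPermRight: write
ipaPermTarget: uid=*,cn=users,cn=accounts,{SUFFIX}
ipaPermissionType: SYSTEM
ipaPermissionType: V2
ipaPermissionType: MANAGED
objectClass: groupofnames
objectClass: ipapermission
objectClass: ipapermissionv2
objectClass: top
"""

# The ACI the text places at cn=users,cn=accounts,$SUFFIX, same substitution.
EXPECTED_ACI = (
    '(targetattr = "cn || l || o")'
    f'(target = "ldap:///uid=*,cn=users,cn=accounts,{SUFFIX}")'
    '(version 3.0;acl "permission:testperm";'
    f'allow (write) groupdn = "ldap:///cn=testperm,cn=permissions,cn=pbac,{SUFFIX}";)'
)


def parse_ldif(text):
    """Parse one LDIF entry (no base64 values, no folded lines) into a dict of
    lists. Attribute names are lower-cased: LDAP treats them case-insensitively."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def is_managed(entry):
    """A managed permission carries MANAGED in ipaPermissionType."""
    return "managed" in {t.lower() for t in entry.get("ipapermissiontype", [])}


def effective_attrs(entry):
    """Attributes the managed permission actually grants: the default set,
    plus ipaPermIncludedAttr, minus ipaPermExcludedAttr. Sorted for a stable ACI."""
    attrs = {a.lower() for a in entry.get("ipapermdefaultattr", [])}
    attrs |= {a.lower() for a in entry.get("ipapermincludedattr", [])}
    attrs -= {a.lower() for a in entry.get("ipapermexcludedattr", [])}
    return sorted(attrs)


def aci_from_permission(entry):
    """Render the permission as a 389-DS ACI in the layout shown in the text:
    targetattr from the effective attributes, target from ipaPermTarget,
    rights from ipaPermRight, and the permission entry itself as groupdn."""
    cn = entry["cn"][0]
    dn = entry["dn"][0]
    rights = ",".join(r.lower() for r in entry["ipapermright"])
    return (
        f'(targetattr = "{" || ".join(effective_attrs(entry))}")'
        f'(target = "ldap:///{entry["ipapermtarget"][0]}")'
        f'(version 3.0;acl "permission:{cn}";'
        f'allow ({rights}) groupdn = "ldap:///{dn}";)'
    )


def check_preparation(ldif_text, installed_aci, aci_holder_dn):
    """The checks the preparation step implies: the entry is a managed permission,
    the ACI lives at ipaPermLocation, and it matches what the entry implies.
    Returns a list of problems; an empty list means the preparation succeeded."""
    entry = parse_ldif(ldif_text)
    location = entry["ipapermlocation"][0]
    problems = []
    if not is_managed(entry):
        problems.append("ipaPermissionType lacks MANAGED")
    if aci_holder_dn.lower() != location.lower():
        problems.append(f"ACI stored at {aci_holder_dn}, expected {location}")
    if installed_aci != aci_from_permission(entry):
        problems.append("installed ACI differs from the one the entry implies")
    return problems


if __name__ == "__main__":
    print(aci_from_permission(parse_ldif(TESTPERM_LDIF)))
    print("problems:", check_preparation(TESTPERM_LDIF, EXPECTED_ACI,
                                         f"cn=users,cn=accounts,{SUFFIX}"))
```

Running it prints the ACI from the text with $SUFFIX substituted and an empty problem list. Feeding it an ACI whose rights or attribute list were edited by hand, or one stored on a different entry, reports the mismatch, which is the kind of drift between the permission entry and the ACI that the preparation tests are meant to catch.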