[Freeipa-devel] [PATCH] 608 Fix returning effective rights for password policy
Adam Young
ayoung at redhat.com
Fri Nov 19 14:15:15 UTC 2010
On 11/18/2010 10:04 PM, Rob Crittenden wrote:
> Adam Young wrote:
>> On 11/18/2010 11:22 AM, Rob Crittenden wrote:
>>> Password policy needs to update the class of service priority in
>>> another entry. Include the CoS attribute when reporting rights.
>>>
>>> rob
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> CAn't seem to get it to work. Running in the lite server, I have
>> confirmed that the patch is applied and run:
>>
>> curl -H "Content-Type:application/json" -H "Accept:applicaton/json"
>> --negotiate -u : --cacert /etc/ipa/ca.crt -d
>> '{"method":"pwpolicy_show","params":[["global_policy"],{"rights":1,
>> "all":1}]}' -X POST http://localhost:8888/ipa/json | less
>>
>>
>> as well as
>>
>> ./ipa pwpolicy-show global_policy --rights
>>
>> and
>> ./ipa pwpolicy-show global_policy --rights --all
>>
>> But do not see rights.
>>
>> Which returns:
>> ipa: ERROR: global_policy: entry not found
>>
>>
>>
>> Considering that I run
>> ./ipa pwpolicy-find global_policy --rights --all
>>
>> and get
>> ipa: error: no such option: --rights
>>
>>
>> I am pretty sure that the patch is applied.
>
> Looks like global_policy is still a bit of a special case. It has no
> priority because it is the default. Try with a regular group or
> without global_policy.
It needs to be there for all groups. If it doesn't work with
global_policy, the webUI will be broken.
>
> I didn't know you wanted rights with find.
I don't. It was just making sure I was testing the right thing.
>
> I can either add the special case in with a resubmission or push this
> and create a new task to fix that.
>
> rob
More information about the Freeipa-devel
mailing list