[Freeipa-devel] [PATCH] 887 add missing aci prefix to dns acis

Rob Crittenden rcritten at redhat.com
Thu Oct 6 18:05:36 UTC 2011


Martin Kosek wrote:
> On Wed, 2011-10-05 at 17:18 -0400, Rob Crittenden wrote:
>> The aci prefix was missing in the description of the three dns acis
>> which made them not show up when viewing their permission entries.
>>
>> rob
>
> This works fine, but it is just a part of a solution. DNS related
> privileges miss memberof attribute for the DNS permissions and thus the
> permissions are not listed:
>
> # ipa permission-show "add dns entries"
>    Permission name: add dns entries
>    Permissions: add
>    Type: dnsrecord
>    Granted to Privilege: DNS Administrators, DNS Servers
>
> # ipa privilege-show "DNS Administrators"
>    Privilege name: DNS Administrators
>    Description: DNS Administrators
> <<<  Missing permissions
>
> I think the reason is that the permissions are in a wrong order in the
> LDIF and are created before the privilege itself. When member links are
> being created for DNS permissions, the memberof plugin cannot add
> memberof attributes for the privilege since it does not exist yet. This
> is the main issue that the BZ bug complains about.
>
> Martin
>

There are two problems:

1. The acis lacked a prefix so they didn't appear as permissions.

2. The permission was added before the privilege so the memberof values
weren't being calculated.

This fixes it for new installs and adds an update to fix up existing 
installs.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-887-2-prefix.patch
Type: text/x-patch
Size: 9145 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111006/fa28218a/attachment.bin>
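
The ordering problem described in this thread (a permission whose member value names a privilege that is only created further down the LDIF) can be caught with a pre-install check. The following is an added example, not part of the original message or of the FreeIPA patch: the function names are hypothetical, the sample DNs are constructed, and it assumes plain entry records with non-base64 values.

```python
import re

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] in file order (plain-text values only)."""
    text = re.sub(r"\r?\n ", "", text)        # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):         # base64 value ("attr:: ..."), skipped
                continue
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries

def norm(dn):
    """Case- and whitespace-insensitive form of a DN, for comparison only."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def forward_member_refs(text):
    """List (entry_dn, member_dn) pairs where member_dn is created later in the file."""
    entries = parse_ldif(text)
    position = {norm(dn): i for i, (dn, _) in enumerate(entries)}
    return [(dn, target)
            for i, (dn, attrs) in enumerate(entries)
            for target in attrs.get("member", [])
            if position.get(norm(target), -1) > i]

# Constructed sample: the permission precedes the privilege it points at.
PERM = "cn=add dns entries,cn=permissions,cn=pbac,dc=example,dc=com"
PRIV = "cn=DNS Administrators,cn=privileges,cn=pbac,dc=example,dc=com"
BAD = (f"dn: {PERM}\nobjectClass: groupofnames\ncn: add dns entries\n"
       f"member: {PRIV}\n\n"
       f"dn: {PRIV}\nobjectClass: groupofnames\ncn: DNS Administrators\n")
# Same entries with the privilege first, the order the memberof plugin needs.
GOOD = "\n\n".join(reversed(BAD.strip().split("\n\n"))) + "\n"

if __name__ == "__main__":
    for label, ldif in (("permission first", BAD), ("privilege first", GOOD)):
        print(label, "->", forward_member_refs(ldif) or "no forward references")
```

A member value whose target is absent from the file is not reported, since that entry may already exist in the directory.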