[Freeipa-devel] [PATCH 0303] ipalib: Make sure correct attribute name is referenced for
Alexander Bokovoy
abokovoy at redhat.com
Thu Feb 19 16:55:22 UTC 2015
On Thu, 19 Feb 2015, Martin Kosek wrote:
>On 02/19/2015 05:40 PM, Alexander Bokovoy wrote:
>> On Thu, 19 Feb 2015, Tomas Babej wrote:
>>>
>>> On 02/19/2015 05:32 PM, Martin Kosek wrote:
>>>> On 02/19/2015 05:29 PM, Alexander Bokovoy wrote:
>>>>> On Thu, 19 Feb 2015, Tomas Babej wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Fixes the invalid attribute name reference in the
>>>>>> 'System: Read User Addressbook Attributes' permission.
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/4883
>>>>>>
>>>>>> Tomas
>>>>>>> From 93ab1bf897151992df4bd3588386cf8fed4849d2 Mon Sep 17 00:00:00 2001
>>>>>> From: Tomas Babej <tbabej at redhat.com>
>>>>>> Date: Thu, 19 Feb 2015 17:10:37 +0100
>>>>>> Subject: [PATCH] ipalib: Make sure correct attribute name is referenced for
>>>>>> fax
>>>>>>
>>>>>> Fixes the invalid attribute name reference in the
>>>>>> 'System: Read User Addressbook Attributes' permission.
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/4883
>>>>>> ---
>>>>>> ipalib/plugins/user.py | 2 +-
>>>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>>
>>>>>> diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
>>>>>> index
>>>>>> 56585b9f86593c0c5879139103bc71707b88e15f..abe5ee26b8e48681eeb0cbb3bcff8617e212225c
>>>>>>
>>>>>> 100644
>>>>>> --- a/ipalib/plugins/user.py
>>>>>> +++ b/ipalib/plugins/user.py
>>>>>> @@ -276,7 +276,7 @@ class user(LDAPObject):
>>>>>> 'ipapermright': {'read', 'search', 'compare'},
>>>>>> 'ipapermdefaultattr': {
>>>>>> 'seealso', 'telephonenumber',
>>>>>> - 'fax', 'l', 'ou', 'st', 'postalcode', 'street',
>>>>>> + 'facsimiletelephonenumber', 'l', 'ou', 'st', 'postalcode',
>>>>>> 'street',
>>>>>> 'destinationindicator', 'internationalisdnnumber',
>>>>>> 'physicaldeliveryofficename', 'postaladdress',
>>>>>> 'postofficebox',
>>>>>> 'preferreddeliverymethod', 'registeredaddress',
>>>>> 00core.ldif still contains 'fax' definition as an alias to
>>>>> 'facsimileTelephoneNumber' so strictly speaking both should be allowed
>>>>> even though 'fax' attribute name is deprecated.
>>>> Should, but does not (I tested). This may be a gap in DS ACI evaluation.
>>>> However, for FreeIPA side, I prefer Tomas' change, even for compatibility with
>>>> other DS-es - so ACK from me.
>>>
>>> Martin is right, however, I think Alexander was pointing out that we should
>>> support the deprecated name 'fax', as well as 'facsimileTelephoneNumber'
>>> directly in the 'System: Read User Addressbook Attributes' read permission.
>>>
>>> Am I reading this correctly?
>> Exactly, both names should be supported in the ACI.
>
>Ah, I thought you were referring to DS, not being to able to recognize the
>alias. Although following this logic, we should for example also have ACIs for
>commonName, given it's alias for "cn", right?
Yes, I thought the same though postponed proposing that as it is
'unrelated' to this patch.
https://fedorahosted.org/freeipa/ticket/4913
--
/ Alexander Bokovoy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150219/2a9925ca/attachment.sig>
More information about the Freeipa-devel
mailing list