[Freeipa-devel] [PATCH] 279 Fix/enhance the aci plugin
Rob Crittenden
rcritten at redhat.com
Fri Sep 25 22:23:30 UTC 2009
The aci plugin didn't quite work with the new ldap2 backend, fix that.
We already walk through the target part of the ACI syntax so skip that
in the regex altogether. This now lets us handle all current ACIs in IPA
(some used to be ignored/skipped)
Add support for user groups so one can do v1-style delegation (group A
can write attributes x,y,z in group B). It is actually quite a lot more
flexible than that but you get the idea. I'm not sure yet but it might
be better to split this out into a separate plugin, or to make a simple
mode or something.
Improve error messages in the aci library (so you can better know what
broke, not just that it is broken).
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-279-aci.patch
Type: application/mbox
Size: 11128 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090925/da913d53/attachment.mbox>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090925/da913d53/attachment.bin>
More information about the Freeipa-devel
mailing list