[Freeipa-devel] [PATCH] 633 add selfservice aci plugin
Rob Crittenden
rcritten at redhat.com
Wed Dec 8 03:56:03 UTC 2010
Adam Young wrote:
> On 12/07/2010 04:33 PM, Rob Crittenden wrote:
>> Add plugin for manage self-service ACIs
>>
>> This is just a thin wrapper around the aci plugin, controlling what
>> types of ACIs can be added.
>>
>> Right now only ACIs in the basedn can be managed with this plugin.
>>
>> I've got an e-mail into the UI folks to see if we can enhance this and
>> ask the type of object we're creating a selfservice entry for. This
>> way we can put the aci into the proper container.
>>
>> Otherwise I'm going to need to follow up to this and move a couple of
>> self-service ACI's that are now in containers into the basedn.
>>
>> ticket 531
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> NACK:
>
> 1. When I created a permission this way:
>
> ipa selfservice-add
> Self-Service name: testthisbabyout
> Attributes: departmentnumber
> -----------------------------------
> Added selfservice "testthisbabyout"
> -----------------------------------
> Self-Service name: testthisbabyout
> Permissions: d3JpdGU=
> Attributes: departmentnumber
>
>
>
> Note the garbage string in there for permissions.
It's a base64-encoded string:
>>> import base64
>>> base64.b64decode('d3JpdGU=')
'write'
Not sure how that slipped in there, but fixable.
>
> THen I tried this:
> [root at ipa freeipa]# ipa selfservice-del testthisbabyout
> --permissions=write --attrs=departmentnumber
> Usage: ipa [global-options] selfservice-del NAME
>
> ipa: error: no such option: --permissions
You just need the name of the selfservice aci when deleting, the other
arguments aren't used. This one is ok.
rob
More information about the Freeipa-devel
mailing list