[Freeipa-devel] [PATCH] freeipa-admiyo-freeipa-0072-rights-check.patch

Endi Sukma Dewata edewata at redhat.com
Wed Nov 3 16:55:58 UTC 2010 

On 11/3/2010 8:53 AM, Adam Young wrote:
>> Still NACK. I have tested this again. It looks like the UI does not
>> send the --rights parameter which is required to get the
>> attributelevelrights. With this patch even the admin can't edit anything.
>
> Ah...that was because I did it as two commits, and only made a patch out
> of one.

Still too many disabled inputs. If you login as admin and open admin's 
details page, the only editable fields are last name and full name. 
(State is also editable but I suspect it's because this field doesn't 
support rights yet.) According to attributelevelrights I should be able
to edit a number of attributes including uidNumber, gidNumber, 
telephoneNumber, but that's not the case. Do you see a different 
behavior when you test it? Am I missing some other patches? Btw, in your 
patch I think rights should be set to 'true' instead of 1.

"attributelevelrights": {
     "aci": "rscwo",
     "cn": "rscwo",
     "description": "rscwo",
     "gecos": "rscwo",
     "gidNumber": "rscwo",
     "homeDirectory": "rscwo",
     "inetUserHttpURL": "rscwo",
     "inetUserStatus": "rscwo",
     "ipaUniqueID": "rsc",
     "krbCanonicalName": "rscwo",
     "krbExtraData": "rscwo",
     "krbLastFailedAuth": "rscwo",
     "krbLastPwdChange": "rscwo",
     "krbLastSuccessfulAuth": "rscwo",
     "krbLoginFailedCount": "rscwo",
     "krbMaxRenewableAge": "rscwo",
     "krbMaxTicketLife": "rscwo",
     "krbPasswordExpiration": "rscwo",
     "krbPrincipalAliases": "rscwo",
     "krbPrincipalExpiration": "rscwo",
     "krbPrincipalKey": "wo",
     "krbPrincipalName": "rscwo",
     "krbPrincipalType": "rscwo",
     "krbPwdHistory": "rscwo",
     "krbPwdPolicyReference": "rscwo",
     "krbTicketFlags": "rscwo",
     "krbTicketPolicyReference": "rscwo",
     "krbUPEnabled": "rscwo",
     "loginShell": "rscwo",
     "memberOf": "rsc",
     "mepManagedEntry": "rscwo",
     "nsAccountLock": "rscwo",
     "objectClass": "rscwo",
     "seeAlso": "rscwo",
     "sn": "rscwo",
     "telephoneNumber": "rscwo",
     "uid": "rscwo",
     "uidNumber": "rscwo",
     "userPassword": "wo"
},

-- 
Endi S. Dewata

More information about the Freeipa-devel mailing list