[Freeipa-devel] [PATCH] 608 Fix returning effective rights for password policy

Adam Young ayoung at redhat.com
Fri Nov 19 17:37:25 UTC 2010 

On 11/19/2010 09:15 AM, Adam Young wrote:
> On 11/18/2010 10:04 PM, Rob Crittenden wrote:
>> Adam Young wrote:
>>> On 11/18/2010 11:22 AM, Rob Crittenden wrote:
>>>> Password policy needs to update the class of service priority in
>>>> another entry. Include the CoS attribute when reporting rights.
>>>>
>>>> rob
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-devel mailing list
>>>> Freeipa-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>> CAn't seem to get it to work. Running in the lite server, I have
>>> confirmed that the patch is applied and run:
>>>
>>> curl -H "Content-Type:application/json" -H "Accept:applicaton/json"
>>> --negotiate -u : --cacert /etc/ipa/ca.crt -d
>>> '{"method":"pwpolicy_show","params":[["global_policy"],{"rights":1,
>>> "all":1}]}' -X POST http://localhost:8888/ipa/json | less
>>>
>>>
>>> as well as
>>>
>>> ./ipa pwpolicy-show global_policy --rights
>>>
>>> and
>>> ./ipa pwpolicy-show global_policy --rights --all
>>>
>>> But do not see rights.
>>>
>>> Which returns:
>>> ipa: ERROR: global_policy: entry not found
>>>
>>>
>>>
>>> Considering that I run
>>> ./ipa pwpolicy-find global_policy --rights --all
>>>
>>> and get
>>> ipa: error: no such option: --rights
>>>
>>>
>>> I am pretty sure that the patch is applied.
>>
>> Looks like global_policy is still a bit of a special case. It has no 
>> priority because it is the default. Try with a regular group or 
>> without global_policy.
>
> It needs to be there  for all groups.  If it doesn't work with 
> global_policy, the webUI will be broken.
>
>
>>
>> I didn't know you wanted rights with find.
>
> I don't.  It was just making sure I was testing the right thing.
>>
>> I can either add the special case in with a resubmission or push this 
>> and create a new task to fix that.
>>
>> rob
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK and pushed to master.

More information about the Freeipa-devel mailing list