[Freeipa-devel] [PATCH] 180 Add missing --pkey-only option for selfservice and
Rob Crittenden
rcritten at redhat.com
Mon Jan 16 15:47:26 UTC 2012
Martin Kosek wrote:
> On Thu, 2012-01-12 at 22:47 -0500, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> On Fri, 2011-12-09 at 19:33 -0600, Endi Sukma Dewata wrote:
>>>> On 12/9/2011 9:47 AM, Martin Kosek wrote:
>>>>> pkey-only functionality has to be implemented separately for these
>>>>> modules as they are based on crud.Search instead of standard
>>>>> LDAPSearch.
>>>>>
>>>>> Delegation commands were modified in the process to allow ACIs
>>>>> without 'memberof' as delegation ACIs. This check is no longer
>>>>> needed since delegation ACI prefixe ensures the ACI type.
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/2092
>>>>
>>>> From UI perspective this is ACKed. I'm sending a patch to enable paging
>>>> on these pages.
>>>>
>>>
>>> Thanks for the UI review Endi. If there are no objections from server
>>> people too we can push this.
>>>
>>> A rebased version for current master is attached.
>>>
>>> Martin
>>
>> The delegation tests fail with creation. Here is what it looks like from
>> the cli.
>>
>> # ipa delegation-add --attrs=street,c,l,st,postalcode --group=editors
>> --permissions=write --membergroup=admins delegation1
>> ipa: ERROR: Delegation 'delegation1' not found
>>
>> rob
>
> In this case, delegation was broken earlier in a recent patch "Display
> the value of memberOf ACIs in permission plugin".
>
> A new version of the patch #180 adding the --pkey-only option + fixing
> the delegation plugin is attached. Delegation plugin is pretty simple
> and straightforward after this patch.
>
> Martin
ACK
More information about the Freeipa-devel
mailing list