[Freeipa-devel] [PATCH] 227 Editable sshkey field after upgrade
Petr Vobornik
pvoborni at redhat.com
Tue Nov 20 16:46:24 UTC 2012
On 11/20/2012 10:48 AM, Jan Cholasta wrote:
> Hi,
>
> On 19.11.2012 13:38, Petr Vobornik wrote:
>> After upgrade, sshkeys of existing users and hosts are not editable
>> because attribute level rights are not send to Web UI due to lack of
>> ipasshuser object class.
>>
>> 'w_if_no_aci' attribute flag was introduced to bypass this issue. It
>> makes attribute writable when AttributeLevelRights are not present. It
>> was set for sshkeys_field.
>>
>> https://fedorahosted.org/freeipa/ticket/3260
>>
>
> I think that ipaexternalmember, gidnumber and macaddress attributes
> might cause trouble as well. They are all in objectclasses that are
> added to objects on-demand (like ipasshuser/ipasshhost is).
>
> Honza
>
Thanks for the catch. There is a problem with macaddress.
Ipaexternalmember and gid number aren't affected because group is
converted by actions, not by editing a field.
I additionally conditioned the write exception on having write rights
for objectclass. Update will fail without it.
Updated patch attached.
--
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0227-1-Editable-sshkey-field-after-upgrade.patch
Type: text/x-patch
Size: 3046 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121120/185344ca/attachment.bin>
More information about the Freeipa-devel
mailing list