[Freeipa-devel] upstream build failure

Petr Vobornik pvoborni at redhat.com
Mon Jun 15 08:30:24 UTC 2015 

On 06/15/2015 10:16 AM, Oleg Fayans wrote:
> Hi guys,
>
> The attempt to build the latest upstream branch fails with the following
> error:
>
>   aci: (targetattr = "krblastpwdchange || krbpasswordexpiration ||
> krbprincipalkey || userpassword")(target = "ldap:///uid=*,cn=deleted
> users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter =
> "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Reset
> Preserved User password";allow (read,search,write) groupdn =
> "ldap:///cn=System: Reset Preserved User
> password,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>   dn: dc=ipa,dc=example
>   aci: (target_to =
> "ldap:///cn=users,cn=accounts,dc=ipa,dc=example")(target_from =
> "ldap:///cn=deleted
> users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter =
> "(objectclass=nsContainer)")(version 3.0;acl "permission:System:
> Undelete User";allow (moddn) groupdn = "ldap:///cn=System: Undelete
> User,cn=permissions,cn=pbac,dc=ipa,dc=example";)
> -dn: cn=users,cn=accounts,dc=ipa,dc=example
> -aci: (targetattr = "uid")(target =
> "ldap:///uid=*,cn=users,cn=accounts,dc=ipa,dc=example")(targetfilter =
> "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Write
> Active Users RDN by administrators";allow (write) groupdn =
> "ldap:///cn=System: Write Active Users RDN by
> administrators,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>   dn: cn=sudocmds,cn=sudo,dc=ipa,dc=example
>   aci: (targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl
> "permission:System: Add Sudo Command";allow (add) groupdn =
> "ldap:///cn=System: Add Sudo
> Command,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>   dn: cn=sudocmds,cn=sudo,dc=ipa,dc=example
>
> Managed permission ACI validation failed.
> Re-check permission changes and run `makeaci`.
> ACI.txt validation failed
> Makefile:130: recipe for target 'version-update' failed
> make: *** [version-update] Error 1
>

fixed by [PATCH] 876 regenerate ACI.txt after stage user permission rename
-- 
Petr Vobornik

More information about the Freeipa-devel mailing list