[Freeipa-devel] [PATCH 0413] fix permission: Read Replication Agreements
Martin Basti
mbasti at redhat.com
Tue Feb 23 16:20:56 UTC 2016
On 22.02.2016 09:00, Jan Cholasta wrote:
> Hi,
>
> On 17.2.2016 14:49, Martin Basti wrote:
>> https://fedorahosted.org/freeipa/ticket/5631
>>
>> Patch attached (for master, 4.3, 4.2)
>
> 1) All the replication agreement permission ACIs should be located in
> the same entry. Currently "Read Replication Agreements" is in
> "cn=config" and everything else in "cn=mapping tree,cn=config", so I
> guess "cn=mapping tree,cn=config" makes more sense.
>
>
> 2) Instead of literal DN('cn=permissions,cn=pbac'), use
> api.env.container_permissions.
>
>
> 3) IMO the removal of managed permission attributes could be a little
> bit more robust. You should check that the original entry contains all
> the required values before touching it (objectclass=ipapermissionv2,
> ipapermissiontype=V2, ipapermissiontype=MANAGED) and remove only the
> values that need to be removed, instead of just overwriting everything.
>
>
> Honza
>
Updated patch attached.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0413.2-fix-permission-Read-Replication-Agreements.patch
Type: text/x-patch
Size: 21364 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160223/3ef06581/attachment.bin>
More information about the Freeipa-devel
mailing list