[Freeipa-devel] GetEffectiveRights and add ACIs
William Brown
wibrown at redhat.com
Wed Jan 18 02:27:13 UTC 2017
On Mon, 2017-01-16 at 17:09 +0100, Ludwig Krispenz wrote:
> On 01/13/2017 06:24 PM, thierry bordaz wrote:
> > Hello,
> >
> > The option specifies the value of 'objectclass' attribute during the
> > GER. That is evaluated at attributeLevelRights but not at the
> > entryLevelRights. I was not able to fix the test case using this option.
> >
> > For information I opened that ticket
> > https://fedorahosted.org/freeipa/ticket/6609
> I think we need a 389-ds ticket as well. Looking into it, the aci code
> contains parts to construct a template entry to evaluate access to a non
> existent entry, but it is not called because either entries are found
> and processed or the search returns no such object.
> It should be possible to make this work.
Agreed, lets make a ds ticket for this.
It sounds like Fraser is blocked on this, so we should probably work it
out sooner than later, but I think that can be discussed at triage.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20170118/f93c8499/attachment.sig>
More information about the Freeipa-devel
mailing list