[Freeipa-devel] [PATCH] 719 permission for cn=ipaconfig

[Jan Zelený]

Rob Crittenden <rcritten at redhat.com> wrote:
> Add permission and privilege for updating the IPA configuration in
> cn=ipaconfig.
> 
> ticket 950
> 
> rob

I'm not quite sure how does the patch work. In particular, I wonder about 
these two blocks:

+dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX
+default:objectClass: top
+default:objectClass: groupofnames
+default:objectClass: nestedgroup
+default:cn: Write IPA Configuration
+
+dn: cn=Write IPA Configuration,cn=permissions,cn=pbac,$SUFFIX
+default:objectClass: top
+default:objectClass: groupofnames
+default:objectClass: ipapermission
+default:cn: Write IPA Configuration
+default:member: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX

Can't they be specified in one block like:

+dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX
+default:objectClass: top
+default:objectClass: groupofnames
+default:objectClass: nestedgroup
+default:objectClass: ipapermission
+default:cn: Write IPA Configuration
+default:member: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX

Thanks in advance

Otherwise the patch looks good, so if this is not an issue, I give it ACK.

Jan