[Freeipa-devel] [PATCH] 903 fix hbac rule search for non-admin users
Petr Vobornik
pvoborni at redhat.com
Tue Jul 14 16:50:14 UTC 2015
hbacrule has it default attributes (which are used in search) attribute
'memberhostgroup'. This attr is not in ACI nor in schema. If the search
contains an attribute which can't be read then the search won't return
anything.
Therefore all searches with filter set fail.
Also I don't think this is a proper fix because any custom ACIs will
cause the bug again. Same issue in
https://fedorahosted.org/freeipa/ticket/5055
https://fedorahosted.org/freeipa/ticket/5130
--
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0903-fix-hbac-rule-search-for-non-admin-users.patch
Type: text/x-patch
Size: 1221 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150714/151f9909/attachment.bin>
More information about the Freeipa-devel
mailing list