[Freeipa-devel] [PATCH] 903 fix hbac rule search for non-admin users

Petr Vobornik pvoborni at redhat.com
Tue Jul 14 16:50:14 UTC 2015


hbacrule has it default attributes (which are used in search) attribute
'memberhostgroup'. This attr is not in ACI nor in schema. If the search
contains an attribute which can't be read then the search won't return
anything.

Therefore all searches with filter set fail.

Also I don't think this is a proper fix because any custom ACIs will 
cause the bug again. Same issue in 
https://fedorahosted.org/freeipa/ticket/5055

https://fedorahosted.org/freeipa/ticket/5130
-- 
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0903-fix-hbac-rule-search-for-non-admin-users.patch
Type: text/x-patch
Size: 1221 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150714/151f9909/attachment.bin>


More information about the Freeipa-devel mailing list