[Freeipa-users] 2.1.90 rc1 testing on F17 alpha
Rich Megginson
rmeggins at redhat.com
Mon Mar 12 22:47:09 UTC 2012
On 03/12/2012 04:44 PM, Stephen Ingram wrote:
> On Mon, Mar 12, 2012 at 2:10 PM, Rich Megginson<rmeggins at redhat.com> wrote:
>> On 03/12/2012 02:42 PM, Stephen Ingram wrote:
>>> On Mon, Mar 12, 2012 at 1:09 PM, Rob Crittenden<rcritten at redhat.com>
>>> wrote:
>>>
>>> ...snip...
>>>
>>>> Could also be python-ldap, we ran into a schema handling problem already.
>>>>
>>>> It may be possible to duplicate this from the command line using the
>>>> --rights option. This executes the same GER control. I'll have to refresh
>>>> my
>>>> F-17 install, it is ancient by current standards.
>>>>
>>>> You could test with something like:
>>>>
>>>> # ipa user-show --all --rights admin
>>>>
>>>> If it worked it would include attributelevelrights with a huge list of
>>>> values. This represents the rights you have on the various attributes
>>>> (read,
>>>> write, etc). The UI uses this to determine what it will allow you to
>>>> edit.
>>> Here is the result:
>>>
>>> [root at f17a yum.repos.d]# ipa user-show --all --rights admin
>>> ipa: ERROR: get-effective-rights: missing subject: Invalid syntax.
>>>
>>> I would be happy to try the debug flag in python-ldap, but not sure how to
>>> do.
>> I know how to do it hacking the code that uses python-ldap, but I'm not sure
>> how to do it without hacking the code.
> Can I just change the OPT_DEBUG_LEVEL to 4096 in ipaserver/ipaldap.py
> or do I also need to change the settings in each area where an ldap
> connection is initiated?
Good question - any IPA developers want to chime in?
>
> Steve
More information about the Freeipa-users
mailing list