Martin Kosek wrote: > When more than one plugin produce ACIs, they share common namespace > of ACI name. This may lead to name collisions between the ACIs > from different plugins. > > This patch introduces a mandatory "prefix" attribute for non-find > ACI operations which allow plugins to use their own prefixes > (i.e. namespaces) which is then used when a name of the ACI is > generated. > > Permission, Delegation and Selfservice plugins has been updated > to use their own prefixes thus avoiding name collisions by using > their own namespaces. Default ACIs in LDIFs has been updated to > follow this new policy. > > Permission plugin now uses its CN (=primary key) instead of > description in ACI names as Description may not be unique. > > This change requires an IPA server reinstall since the default ACI > set has been changed. > > https://fedorahosted.org/freeipa/ticket/764 > > I took a quick look.
Rob, I thought that there are different APIs for self and delegation. Is this is the case? ipa permission-... functions should never deal with self service or delegation acis They are just for the permission ACIs connected to the target groups. I do not think this is the right approach. The prefix is need but it should be automatically added if you use this interface. > ------------------------------------------------------------------------ > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
