Jan Zelený wrote:
Martin Kosek wrote:
On Mon, 2011-02-14 at 14:37 +0100, Jan Zelený wrote:
Rob Crittenden wrote:
Add permission and privilege for updating the IPA configuration in
cn=ipaconfig.

ticket 950

rob

I'm not quite sure how the patch works. In particular, I wonder about
these two blocks:

+dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX
+default:objectClass: top
+default:objectClass: groupofnames
+default:objectClass: nestedgroup
+default:cn: Write IPA Configuration
+
+dn: cn=Write IPA Configuration,cn=permissions,cn=pbac,$SUFFIX
+default:objectClass: top
+default:objectClass: groupofnames
+default:objectClass: ipapermission
+default:cn: Write IPA Configuration
+default:member: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX
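
Review bot: the two dn lines in this hunk share the cn "Write IPA Configuration" and differ only in container (cn=privileges versus cn=permissions) and in one objectClass (nestedgroup versus ipapermission), which makes the pair easy to read as a duplicate entry. A one-line comment above each dn saying which entry is the privilege and which is the permission would help. The quoted lines also carry no aci, and the member link alone grants nothing on cn=ipaconfig, so it is worth checking that the ACI elsewhere in the patch names the cn=permissions DN and not the near-identical cn=privileges DN.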

Can't they be specified in one block like:

+dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX
+default:objectClass: top
+default:objectClass: groupofnames
+default:objectClass: nestedgroup
+default:objectClass: ipapermission
+default:cn: Write IPA Configuration
+default:member: cn=Write IPA Configuration,cn=privileges,cn=pbac,$SUFFIX

Thanks in advance

Otherwise the patch looks good, so if this is not an issue, I give it
ACK.

Jan

I think this is OK. We are adding 2 objects - one permission called
"Write IPA Configuration" (with an underlying ACI) and one privilege
also called "Write IPA Configuration". Therefore they cannot be merged
into one LDAP object.


Oh, sorry, I didn't see that one object is a privilege and the other one is
a permission.

Jan

pushed to master
