Rob Crittenden wrote:
Adam Young wrote:
On 12/07/2010 04:33 PM, Rob Crittenden wrote:
Add plugin for manage self-service ACIs

This is just a thin wrapper around the aci plugin, controlling what
types of ACIs can be added.

Right now only ACIs in the basedn can be managed with this plugin.

I've got an e-mail into the UI folks to see if we can enhance this and
ask the type of object we're creating a selfservice entry for. This
way we can put the aci into the proper container.

Otherwise I'm going to need to follow up to this and move a couple of
self-service ACI's that are now in containers into the basedn.

ticket 531


Freeipa-devel mailing list

1. When I created a permission this way:

ipa selfservice-add
Self-Service name: testthisbabyout
Attributes: departmentnumber
Added selfservice "testthisbabyout"
Self-Service name: testthisbabyout
Permissions: d3JpdGU=
Attributes: departmentnumber

Note the garbage string in there for permissions.

It's a base64-encoded string:

 >>> import base64
 >>> base64.b64decode('d3JpdGU=')

Not sure how that slipped in there, but fixable.

THen I tried this:
[r...@ipa freeipa]# ipa selfservice-del testthisbabyout
--permissions=write --attrs=departmentnumber
Usage: ipa [global-options] selfservice-del NAME

ipa: error: no such option: --permissions

You just need the name of the selfservice aci when deleting, the other
arguments aren't used. This one is ok.


Turns out to be a one-character fix. I didn't make the default a unicode value so it was base64-encoded.

---      2010-12-07 23:24:45.000000000 -0500
+++        2010-12-07 23:28:02.000000000 -0500
@@ -101,7 +101,7 @@

     def execute(self, aciname, **kw):
         if not 'permissions' in kw:
-            kw['permissions'] = ('write',)
+            kw['permissions'] = (u'write',)
         kw['selfaci'] = True
         result = api.Command['aci_add'](aciname, **kw)['result']


Freeipa-devel mailing list

Reply via email to