On Mon, 2011-01-31 at 22:18 -0500, Rob Crittenden wrote: > Rob Crittenden wrote: > > There are some permissions we can't display because they are stored > > outside of the basedn (such as the replication permissions). We are > > adding a new attribute to store extra information to make this clear, in > > this case READONLY. > > > > ticket 853 > > > > rob > > I goofed on the schema, updated patch attached. > > rob
NACK (but a small one) The patch is fine, I have found only 2 minor issues and a question: 1) Permission tests got broken. You may want to apply my "[PATCH] 021 Permission rename test failing" before fixing that - so that Permission test suite is clean. 2) In delegation.ldif: ipapermission object class is missing for removeentitlements and modifyentitlements (it has been added for addentitlements though) QUESTION: In this patch you add READONLY flag to Replica permissions. However it is not actually used and stays as just an informative flag. It won't prevent user from modifying/removing READONLY permissions. I guess enhancing permission-mod and permission-del of READONLY check will be a subject of another ticket? Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel