A new DNS permission that went into 2.2 uses all lower case to be consistent with existing DNS Permissions. This switches it to use mixed case as well. We'll investigate renaming the existing entries as well.

rob
>From cbe2981f1501c8c87fcad5a18d7bf4bc3c1d747c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Fri, 20 Apr 2012 11:07:47 -0400
Subject: [PATCH] Use mixed-case for Read DNS Entries permission

https://fedorahosted.org/freeipa/ticket/2569
---
 install/share/dns.ldif           |    6 +++---
 ipaserver/install/plugins/dns.py |    6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/install/share/dns.ldif b/install/share/dns.ldif
index a8d27788a67def4bfefedd87722894cc10cbad16..cd77fe22cafed438b3549b19d7b125ca466e66f8 100644
--- a/install/share/dns.ldif
+++ b/install/share/dns.ldif
@@ -4,7 +4,7 @@ objectClass: idnsConfigObject
 objectClass: nsContainer
 objectClass: top
 cn: dns
-aci: (targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) and (groupdn != "ldap:///cn=read dns entries,cn=permissions,cn=pbac,$SUFFIX");)
+aci: (targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) and (groupdn != "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX");)
 
 dn: $SUFFIX
 changetype: modify
@@ -57,12 +57,12 @@ description: Update DNS entries
 member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
 member: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
 
-dn: cn=read dns entries,cn=permissions,cn=pbac,$SUFFIX
+dn: cn=Read DNS Entries,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
 objectClass: ipapermission
-cn: read dns entries
+cn: Read DNS Entries
 description: Read DNS entries
 ipapermissiontype: SYSTEM
 member: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
index a9846fa84f12fcc9cab75cf6b1ece789c0e873fe..886f7f051e91147969034350c69d956f3b43345a 100644
--- a/ipaserver/install/plugins/dns.py
+++ b/ipaserver/install/plugins/dns.py
@@ -100,13 +100,13 @@ class update_dns_permissions(PostUpdate):
                              'member:cn=DNS Servers,cn=privileges,cn=pbac,%s' \
                                      % api.env.basedn]
 
-    _read_dns_perm_dn = DN('cn=read dns entries',
+    _read_dns_perm_dn = DN('cn=Read DNS Entries',
                             api.env.container_permission,
                             api.env.basedn)
     _read_dns_perm_entry = ['objectClass:top',
                             'objectClass:groupofnames',
                             'objectClass:ipapermission',
-                            'cn:read dns entries',
+                            'cn:Read DNS Entries',
                             'description:Read DNS entries',
                             'ipapermissiontype:SYSTEM',
                             'member:cn=DNS Administrators,cn=privileges,cn=pbac,%s' \
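Review bot: Servers that already ran the 2.2 updater do not appear to be covered by this rename. `_read_dns_perm_dn` will most likely still resolve to the existing `cn=read dns entries` entry, because DN matching on cn is normally case-insensitive, so the stored cn probably stays lower-case. The `add:aci:` value in the next hunk (`_read_dns_aci_entry`) differs from the stored one only in case, so it may be added as a second copy of the deny rule instead of replacing it. That ACI gates read access to the DNS tree, so an upgrade should end with exactly one copy; consider removing the old lower-case value before the add and recording why, e.g. `# upgraded 2.2 servers still hold the lower-case ACI value; drop it before adding this one`. `execute()` and the rest of the class body lie outside these hunks, so whether the update logic already handles this cannot be confirmed from here.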
@@ -118,7 +118,7 @@ class update_dns_permissions(PostUpdate):
     _write_dns_aci_entry = ['add:aci:\'(targetattr = "idnsforwardpolicy || idnsforwarders || idnsallowsyncptr || idnszonerefresh || idnspersistentsearch")(target = "ldap:///cn=dns,%(realm)s")(version 3.0;acl "permission:Write DNS Configuration";allow (write) groupdn = "ldap:///cn=Write DNS Configuration,cn=permissions,cn=pbac,%(realm)s";)\'' % dict(realm=api.env.basedn)]
 
     _read_dns_aci_dn = DN(api.env.container_dns, api.env.basedn)
-    _read_dns_aci_entry = ['add:aci:\'(targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,%(realm)s") and (groupdn != "ldap:///cn=read dns entries,cn=permissions,cn=pbac,%(realm)s");)\''  % dict(realm=api.env.basedn) ]
+    _read_dns_aci_entry = ['add:aci:\'(targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,%(realm)s") and (groupdn != "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,%(realm)s");)\''  % dict(realm=api.env.basedn) ]
 
     def execute(self, **options):
         ldap = self.obj.backend
-- 
1.7.6
