On Thu, 2012-05-31 at 17:43 +0200, Ondrej Hamada wrote: > On 05/31/2012 12:42 PM, Martin Kosek wrote: > > On Wed, 2012-05-30 at 14:43 +0200, Ondrej Hamada wrote: > >> On 05/30/2012 07:45 AM, Martin Kosek wrote: > >>> When permission-find post callback detected a --pkey-only option, > >>> it just terminated. However, this way the results that could have > >>> been added from aci_find matches were not included. > >>> > >>> Fix the post callback to go through the entire matching process. > >>> Also make sure that DNS permissions have a correct objectclass > >>> (ipapermission), otherwise such objects are not matched by the > >>> permission LDAP search. > >>> > >>> https://fedorahosted.org/freeipa/ticket/2658 > >>> > >>> > >>> > >>> _______________________________________________ > >>> Freeipa-devel mailing list > >>> Freeipa-devel@redhat.com > >>> https://www.redhat.com/mailman/listinfo/freeipa-devel > >> Patch needs rebase > >> > >> It does not apply because of changes made to > >> ipalib/plugins/permission.py (by Rob's patch #1018) > >> > > Rebased version attached. > > > > Martin > ACK >
Thanks. I just had to fix indentation of this block: + if truncated: + # size/time limit met, no need to search acis + return truncated It should be executed always, regardless to the pkey_only option value. Pushed to master. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel