This task was added with a DN colliding with privilege update memberOf task being run later and caused this task to be ineffective and thus miss some privilege membership, like "SELinux User Map Administrators"
DNS update plugin do not need to run any task at all as privileges will be updated later in scope of 55-pbacmemberof.update https://fedorahosted.org/freeipa/ticket/3877 -- Martin Kosek <mko...@redhat.com> Supervisor, Software Engineering - Identity Management Team Red Hat Inc.
From cf5cda13a512afcba3163a16fbaaaafa1b531456 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Fri, 4 Oct 2013 13:48:52 +0200 Subject: [PATCH] Remove faulty DNS memberOf Task This task was added with a DN colliding with privilege update memberOf task being run later and caused this task to be ineffective and thus miss some privilege membership, like "SELinux User Map Administrators" DNS update plugin do not need to run any task at all as privileges will be updated later in scope of 55-pbacmemberof.update https://fedorahosted.org/freeipa/ticket/3877 --- install/updates/40-dns.update | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/install/updates/40-dns.update b/install/updates/40-dns.update index 7ad366e6099aed5cfd240fa2068d9e41bc2af9aa..475a0c05cf3c54c2c26c65c608d205034dec9faf 100644 --- a/install/updates/40-dns.update +++ b/install/updates/40-dns.update @@ -1,5 +1,6 @@ # Add missing member values to attach permissions to their respective -# privileges and run a memberOf task. +# privileges +# Memberof task is already being run in 55-pbacmemberof.update dn: cn=add dns entries,cn=permissions,cn=pbac,$SUFFIX addifexist:objectclass: ipapermission addifexist:member: 'cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX' @@ -18,14 +19,6 @@ dn: cn=update dns dn: cn=Write DNS Configuration,cn=permissions,cn=pbac,$SUFFIX addifexist:objectclass: ipapermission -dn: cn=Update PBAC memberOf $TIME, cn=memberof task, cn=tasks, cn=config -add: objectClass: top -add: objectClass: extensibleObject -add: cn: IPA PBAC memberOf $TIME -add: basedn: 'cn=privileges,cn=pbac,$SUFFIX' -add: filter: (objectclass=*) -add: ttl: 10 - # update DNS container dn: cn=dns, $SUFFIX addifexist: objectClass: idnsConfigObject -- 1.8.3.1
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
