On 05/28/2014 03:40 PM, Petr Viktorin wrote: > Hello, > Some of IPA plugins assume that everyone has access to everything. Here are > some fixes for that. > > Patch 0560 adds a new permission for the UPG Definition, which is required to > add users correctly.
558: Crash is now removed, though I am thinking that the output may be confusing for users as there is no output: # ipa krbtpolicy-show # echo $? 0 I need to use --all to see anything: # ipa krbtpolicy-show --all dn: cn=MKOSEK-FEDORA20.TEST,cn=kerberos,dc=mkosek-fedora20,dc=test cn: MKOSEK-FEDORA20.TEST objectclass: krbrealmcontainer, top, krbticketpolicyaux Would it make sense to raise ACIError if user cannot any Kerberos policy attributes? 559: ACK 560: ACK 561: functionally works fine, tested with migrate-ds. When looking at the code, would it make sense to replace this section: + disable_attr = '(objectclass=disable)' + org_filter = upg_entries[0].single_value['originfilter'] + return not re.search(r'%s' % disable_attr, org_filter) with + origin_filter = upg_entries[0].single_value['originfilter'] + return '(objectclass=disable)' not in origin_filter I am not sure why RE is used in this case at all. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel