On 05/28/2014 03:40 PM, Petr Viktorin wrote:
> Some of IPA plugins assume that everyone has access to everything. Here are
> some fixes for that.
> Patch 0560 adds a new permission for the UPG Definition, which is required to
> add users correctly.
Crash is now removed, though I am thinking that the output may be confusing for
users as there is no output:
# ipa krbtpolicy-show
# echo $?
I need to use --all to see anything:
# ipa krbtpolicy-show --all
objectclass: krbrealmcontainer, top, krbticketpolicyaux
Would it make sense to raise ACIError if user cannot any Kerberos policy
functionally works fine, tested with migrate-ds. When looking at the code,
would it make sense to replace this section:
+ disable_attr = '(objectclass=disable)'
+ org_filter = upg_entries.single_value['originfilter']
+ return not re.search(r'%s' % disable_attr, org_filter)
+ origin_filter = upg_entries.single_value['originfilter']
+ return '(objectclass=disable)' not in origin_filter
I am not sure why RE is used in this case at all.
Freeipa-devel mailing list