Hi,

the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4540>.

The error message is now the generic ACI error message, e.g. "Insufficient access: Insufficient 'add' privilege to add the entry 'krbprincipalname=something/somehost.example....@example.com,cn=services,cn=accounts,dc=example,dc=com'.
"

Honza

--
Jan Cholasta
>From 4b812d600e9352d3dc37d896b0d4714f07b8cdc6 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Tue, 7 Oct 2014 18:38:20 +0200
Subject: [PATCH] Remove misleading authorization error message in cert-request
 with --add

https://fedorahosted.org/freeipa/ticket/4540
---
 ipalib/plugins/cert.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index e4918a4..679ac14 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -365,11 +365,7 @@ class cert_request(VirtualCommand):
             if not add:
                 raise errors.NotFound(reason=_("The service principal for "
                     "this request doesn't exist."))
-            try:
-                service = api.Command['service_add'](principal, force=True)
-            except errors.ACIError:
-                raise errors.ACIError(info=_('You need to be a member of '
-                    'the serviceadmin role to add services'))
+            service = api.Command['service_add'](principal, force=True)
         service = service['result']
         dn = service['dn']
 
-- 
1.9.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to