The attached patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=1251225
Thanks, Fraser
From 0431e9b8c8d1ea903e2b68e7fc33f10c38d11bda Mon Sep 17 00:00:00 2001 From: Fraser Tweedale <ftwee...@redhat.com> Date: Fri, 7 Aug 2015 03:21:43 -0400 Subject: [PATCH] Fix default CA ACL added during upgrade The upgrade script is adding the default CA ACL with incorrect attributes - usercategory=all instead of servicecategory=all. Fix it to create the correct object. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1251225 --- ipaserver/install/server/upgrade.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index a342642b03abc05d0ce108ff2b774ea25904bd8e..1306e96e2a46b191b0bb8f33deccda54c5626558 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1306,7 +1306,7 @@ def add_default_caacl(ca): if not api.Command.caacl_find()['result']: api.Command.caacl_add(u'hosts_services_caIPAserviceCert', - hostcategory=u'all', usercategory=u'all') + hostcategory=u'all', servicecategory=u'all') api.Command.caacl_add_profile(u'hosts_services_caIPAserviceCert', certprofile=(u'caIPAserviceCert',)) -- 2.4.3
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code