On 23.2.2016 17:20, Martin Basti wrote:
On 22.02.2016 09:00, Jan Cholasta wrote:
On 17.2.2016 14:49, Martin Basti wrote:
Patch attached (for master, 4.3, 4.2)
1) All the replication agreement permission ACIs should be located in
the same entry. Currently "Read Replication Agreements" is in
"cn=config" and everything else in "cn=mapping tree,cn=config", so I
guess "cn=mapping tree,cn=config" makes more sense.
2) Instead of literal DN('cn=permissions,cn=pbac'), use
3) IMO the removal of managed permission attributes could be a little
bit more robust. You should check that the original entry contains all
the required values before touching it (objectclass=ipapermissionv2,
ipapermissiontype=V2, ipapermissiontype=MANAGED) and remove only the
values that need to be removed, instead of just overwriting everything.
Updated patch attached.
The patch does not apply on ipa-4-2.
Also this bit in replica-acis.ldif is redundant:
+dn: cn=mapping tree,cn=config
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code