On Mon, 2017-01-16 at 17:09 +0100, Ludwig Krispenz wrote:
> On 01/13/2017 06:24 PM, thierry bordaz wrote:
> > Hello,
> >
> > The option specifies the value of 'objectclass' attribute during the 
> > GER. That is evaluated at attributeLevelRights but not at the 
> > entryLevelRights. I was not able to fix the test case using this option.
> >
> > For information I opened that ticket 
> > https://fedorahosted.org/freeipa/ticket/6609
> I think we need a 389-ds ticket as well. Looking into it, the aci code 
> contains parts to construct a template entry to evaluate access to a non 
> existent entry, but it is not called because either entries are found 
> and processed or the search returns no such object.
> It should be possible to make this work.

Agreed, lets make a ds ticket for this.

It sounds like Fraser is blocked on this, so we should probably work it
out sooner than later, but I think that can be discussed at triage.

-- 
Sincerely,

William Brown
Software Engineer
Red Hat, Brisbane

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to