On Mon, 2017-01-16 at 17:09 +0100, Ludwig Krispenz wrote: > On 01/13/2017 06:24 PM, thierry bordaz wrote: > > Hello, > > > > The option specifies the value of 'objectclass' attribute during the > > GER. That is evaluated at attributeLevelRights but not at the > > entryLevelRights. I was not able to fix the test case using this option. > > > > For information I opened that ticket > > https://fedorahosted.org/freeipa/ticket/6609 > I think we need a 389-ds ticket as well. Looking into it, the aci code > contains parts to construct a template entry to evaluate access to a non > existent entry, but it is not called because either entries are found > and processed or the search returns no such object. > It should be possible to make this work.
Agreed, lets make a ds ticket for this. It sounds like Fraser is blocked on this, so we should probably work it out sooner than later, but I think that can be discussed at triage. -- Sincerely, William Brown Software Engineer Red Hat, Brisbane
Description: This is a digitally signed message part
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code