On 03/12/2012 04:44 PM, Stephen Ingram wrote:
On Mon, Mar 12, 2012 at 2:10 PM, Rich Megginson<rmegg...@redhat.com>  wrote:
On 03/12/2012 02:42 PM, Stephen Ingram wrote:
On Mon, Mar 12, 2012 at 1:09 PM, Rob Crittenden<rcrit...@redhat.com>
  wrote:

...snip...

Could also be python-ldap, we ran into a schema handling problem already.

It may be possible to duplicate this from the command line using the
--rights option. This executes the same GER control. I'll have to refresh
my
F-17 install, it is ancient by current standards.

You could test with something like:

# ipa user-show --all --rights admin

If it worked it would include attributelevelrights with a huge list of
values. This represents the rights you have on the various attributes
(read,
write, etc). The UI uses this to determine what it will allow you to
edit.
Here is the result:

[root@f17a yum.repos.d]# ipa user-show --all --rights admin
ipa: ERROR: get-effective-rights: missing subject: Invalid syntax.

I would be happy to try the debug flag in python-ldap, but not sure how to
do.
I know how to do it hacking the code that uses python-ldap, but I'm not sure
how to do it without hacking the code.
Can I just change the OPT_DEBUG_LEVEL to 4096 in ipaserver/ipaldap.py
or do I also need to change the settings in each area where an ldap
connection is initiated?
Good question - any IPA developers want to chime in?

Steve

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to