On 11/05/2014 05:22 PM, Rob Verduijn wrote:
I saw in the upstream foreman-prepare-realm script that the new
permission names should include a prefix "System: "
That Prefix is not there, what did change was that some permissions
where no longer lower case only.
ie in 3.3.5 the permission is 'write dns configuration' and in 4.1 it
becomes 'Write DNS Configuration'
Right. There were some changes to IPA's default policy too, but I don't
think it should affect the Foreman proxy very much. For example there
are now permissions for reading data, but most are granted to all
authenticated users by default.
I've left some comments in the pull request.
2014-11-05 16:25 GMT+01:00 Petr Spacek <pspa...@redhat.com
On 5.11.2014 16:20, Rob Verduijn wrote:
Yes I noticed the name change it took me a while to realise it
was a known
ruby bug in katello that caused the real problem.
I also checked after I updated the 'katello integrated' update
to 4.1 and the permissions were neatly renamed to their new
However the internal dns no longer worked :(
So the permissions broke after upgrade to 4.1, right? pviktori, can
you give us some advice?
2014-11-05 16:17 GMT+01:00 Stephen Benjamin <step...@redhat.com
On Wed, Nov 05, 2014 at 09:41:59AM -0500, Rob Crittenden wrote:
Also when I look at the permissions in ipa there
are no longer any
permissions that have the 'System: ' prefix.
AFAIK the foreman proxy is not necessary (and not
supported) with IPA
4.x because it was obsoleted by 'native' proxy
delivered by Foreman
Am I right, Rob (Crittenden)? :-)
I believe he's referring to the native smart proxy here.
It includes a
script to setup permissions. I guess it hasn't been
tested against a 4.x
The permissions have changed names in FreeIPA 4.0, which
script won't work. I've tested this one against 4.1 on F21
There's an open pull request against foreman's Smart Proxy
that in the next release:
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project