[Freeipa-devel] [freeipa PR#617][comment] Allow renaming of sudo rules

2017-03-22 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/617
Title: #617: Allow renaming of sudo rules

stlaz commented:
"""
Thank you Alexander for your insight. Since this was a hack, I did not want to 
do it server-wise. I chose a different approach to the problem and reworked the 
original idea so the rename option is now worked with on the server.
With this approach, we are able to white-list objects which we think may be 
allowed renaming even though their primary keys are not in their RDN.

Just for the record, the names of sudo rules are still not checked for CN 
compatibility since their primary key is not part of their DN, but that's how 
things have been since forever, I am afraid (you can try `ipa sudorule-add 
bad,cn=rule`).
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/617#issuecomment-288389417
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#617][comment] Allow renaming of sudo rules

2017-03-17 Thread abbra
  URL: https://github.com/freeipa/freeipa/pull/617
Title: #617: Allow renaming of sudo rules

abbra commented:
"""
I don't like that it is done on the client side. This will not work for Web UI, 
for example.
Additionally, there is no validation here that cn={newname} is a single-value 
RDN. If we add this as --setattr, we probably want to return a meaningful error, 
not a general --setattr error.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/617#issuecomment-287358727
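
The single-value RDN check raised in the 2017-03-17 comment, applied to the `bad,cn=rule` name from the 2017-03-22 comment, as an added example that is not part of the thread or of FreeIPA's code. The function names are hypothetical; the parsing follows the RFC 4514 string form and assumes the new name is substituted into `cn={newname}` as text.

```python
# Added example; function names are hypothetical, not FreeIPA API.
ESCAPED = '"+,;<>'   # characters RFC 4514 requires to be backslash-escaped
HEX = "0123456789abcdefABCDEF"


def rdn_problems(rdn):
    """List the reasons `rdn` is not exactly one single-valued RDN."""
    attr, eq, value = rdn.partition("=")
    if not (attr and eq and value):
        return ["not of the form attr=value"]
    problems = []
    if value[0] in " #":
        problems.append("leading %r must be escaped" % value[0])
    i, last_escaped = 0, False
    while i < len(value):
        ch, last_escaped = value[i], False
        if ch == "\\":
            pair = value[i + 1:i + 3]
            if pair[:1] and pair[0] in ESCAPED + "\\ #=":
                i, last_escaped = i + 2, True      # escaped special character
            elif len(pair) == 2 and pair[0] in HEX and pair[1] in HEX:
                i, last_escaped = i + 3, True      # \2C style hex pair
            else:
                problems.append("invalid escape at offset %d" % i)
                i += 1
            continue
        if ch == ",":
            problems.append("unescaped ',' starts a second RDN")
        elif ch == "+":
            problems.append("unescaped '+' makes the RDN multi-valued")
        elif ch in ESCAPED or ch == "\0":
            problems.append("unescaped %r is not allowed in a value" % ch)
        i += 1
    if value[-1] == " " and not last_escaped:
        problems.append("trailing space must be escaped")
    return problems


def escape_value(name):
    """Escape `name` so that 'cn=' + result is one single-valued RDN."""
    out = "".join("\\" + c if c in ESCAPED + "\\" else c for c in name)
    out = out.replace("\0", "\\00")
    if name.endswith(" "):
        out = out[:-1] + "\\ "                     # protect the trailing space
    return "\\" + out if out[:1] in ("#", " ") else out

if __name__ == "__main__":
    for name in ("ok rule", "bad,cn=rule", "a+sn=b"):   # constructed inputs
        print(repr(name), rdn_problems("cn=" + name), "cn=" + escape_value(name))
```

A server-side rename handler can either reject a name for which `rdn_problems` returns anything, turning the returned strings into the specific error message, or escape the value before building the RDN.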