Re: [Freeipa-devel] Fwd: [PATCH] 912 Display the value of memberOf ACIs in permission plugin.

Endi Sukma Dewata wrote: On 1/4/2012 3:47 PM, Rob Crittenden wrote: I guess I'm just not convinced this additional complexity would buy us anything. Updated patch attached that fixes the memberof display and updates the tests trivially. OK, the mod output is fixed. Since the exclusivity

Re: [Freeipa-devel] Fwd: [PATCH] 912 Display the value of memberOf ACIs in permission plugin.

On 1/3/2012 6:27 AM, Petr Vobornik wrote: On 12/07/2011 12:22 AM, Rob Crittenden wrote: Resending as a [PATCH] I've created UI portion patch (#2101). The show command seems working well, but the mod command is not returning the memberof attribute after execution. It is needed for Web UI (if

Re: [Freeipa-devel] Fwd: [PATCH] 912 Display the value of memberOf ACIs in permission plugin.

Endi Sukma Dewata wrote: On 1/3/2012 6:27 AM, Petr Vobornik wrote: On 12/07/2011 12:22 AM, Rob Crittenden wrote: Resending as a [PATCH] I've created UI portion patch (#2101). The show command seems working well, but the mod command is not returning the memberof attribute after execution. It

Re: [Freeipa-devel] Fwd: [PATCH] 912 Display the value of memberOf ACIs in permission plugin.

On 1/4/2012 12:20 PM, Rob Crittenden wrote: Also another thing, in _make_aci() in aci.py there are 2 exclusivity rules: * type, filter, subtree and targetgroup are mutually exclusive * filter and memberof are mutually exclusive Based on these rules it's possible to have memberof and targetgroup

Re: [Freeipa-devel] Fwd: [PATCH] 912 Display the value of memberOf ACIs in permission plugin.

Endi Sukma Dewata wrote: On 1/4/2012 12:20 PM, Rob Crittenden wrote: Also another thing, in _make_aci() in aci.py there are 2 exclusivity rules: * type, filter, subtree and targetgroup are mutually exclusive * filter and memberof are mutually exclusive Based on these rules it's possible to

Re: [Freeipa-devel] Fwd: [PATCH] 912 Display the value of memberOf ACIs in permission plugin.

On 1/4/2012 2:32 PM, Rob Crittenden wrote: ipa permission-add test --permissions=all --memberof=editors --targetgroup=ipausers It generates the following ACI: (targetfilter = (memberOf=cn=editors,cn=groups,cn=accounts, dc=example,dc=com)) (target = ldap:///cn=ipausers,cn=groups,cn=accounts,

Re: [Freeipa-devel] Fwd: [PATCH] 912 Display the value of memberOf ACIs in permission plugin.

Endi Sukma Dewata wrote: On 1/4/2012 2:32 PM, Rob Crittenden wrote: ipa permission-add test --permissions=all --memberof=editors --targetgroup=ipausers It generates the following ACI: (targetfilter = (memberOf=cn=editors,cn=groups,cn=accounts, dc=example,dc=com)) (target =

Re: [Freeipa-devel] Fwd: [PATCH] 912 Display the value of memberOf ACIs in permission plugin.

On 1/4/2012 3:47 PM, Rob Crittenden wrote: I guess I'm just not convinced this additional complexity would buy us anything. Updated patch attached that fixes the memberof display and updates the tests trivially. OK, the mod output is fixed. Since the exclusivity rules aren't changed, the

Re: [Freeipa-devel] Fwd: [PATCH] 912 Display the value of memberOf ACIs in permission plugin.

On 12/07/2011 12:22 AM, Rob Crittenden wrote: Resending as a [PATCH] I've created UI portion patch (#2101). The show command seems working well, but the mod command is not returning the memberof attribute after execution. It is needed for Web UI (if we want to support modification of

[Freeipa-devel] Fwd: [PATCH] 912 Display the value of memberOf ACIs in permission plugin.

Resending as a [PATCH] ---BeginMessage--- There were two problems: 1. memberof wasn't in the list of things we looked for in the return value from aci_show() 2. The value wasn't being translated into a group name. Use the DN class to retrieve the group name from the memberof URI. Note that