diff options
author | Rob Crittenden <rcritten@redhat.com> | 2007-12-07 16:08:12 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2007-12-07 16:08:12 -0500 |
commit | 5e4a1629545a981c1183ec9d904f7072f6583284 (patch) | |
tree | d6de08eec6a7c811520542e53e3afaf6e50c6544 | |
parent | 0c0cc370cf43df640c22a26d31cd2df2404184b4 (diff) | |
download | freeipa-5e4a1629545a981c1183ec9d904f7072f6583284.tar.gz freeipa-5e4a1629545a981c1183ec9d904f7072f6583284.tar.xz freeipa-5e4a1629545a981c1183ec9d904f7072f6583284.zip |
Fix delegation in the UI and add a missing aci that allows writes.
Make ipa-deldelegation more user-friendly.
-rw-r--r-- | ipa-admintools/ipa-deldelegation | 4 | ||||
-rw-r--r-- | ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py | 2 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/default-aci.ldif | 1 |
3 files changed, 5 insertions, 2 deletions
diff --git a/ipa-admintools/ipa-deldelegation b/ipa-admintools/ipa-deldelegation index 7ad17c38b..030d462ff 100644 --- a/ipa-admintools/ipa-deldelegation +++ b/ipa-admintools/ipa-deldelegation @@ -65,6 +65,7 @@ def main(): if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)): aci_str_list = [aci_str_list] + acistr = None for aci_str in aci_str_list: try: aci = ipa.aci.ACI(aci_str) @@ -76,7 +77,7 @@ def main(): pass if acistr is None: - print "No delegation %s found." % args[1] + print "No delegation '%s' found." % args[1] return 2 old_aci_index = aci_str_list.index(acistr) @@ -86,6 +87,7 @@ def main(): aci_entry.setValue('aci', new_aci_str_list) client.update_entry(aci_entry) + print "Delegation removed." except xmlrpclib.Fault, fault: if fault.faultCode == errno.ECONNREFUSED: print "The IPA XML-RPC service is not responding." diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py b/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py index 142d34430..cee239e72 100644 --- a/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py +++ b/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py @@ -71,7 +71,7 @@ class DelegationController(IPAController): new_aci.source_group = kw.get('source_group_dn') new_aci.dest_group = kw.get('dest_group_dn') new_aci.attrs = kw.get('attrs') - if (new_aci.attrs, str): + if isinstance(new_aci.attrs, str): new_aci.attrs = [new_aci.attrs] # Look for an existing ACI of the same name diff --git a/ipa-server/ipa-install/share/default-aci.ldif b/ipa-server/ipa-install/share/default-aci.ldif index 83f927e3a..6b8afd28b 100644 --- a/ipa-server/ipa-install/share/default-aci.ldif +++ b/ipa-server/ipa-install/share/default-aci.ldif @@ -22,6 +22,7 @@ dn: cn=accounts,$SUFFIX changetype: modify add: aci aci: (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) +aci: (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) dn: cn=services,cn=accounts,$SUFFIX changetype: modify |