From 373e9d1cf8b6539149e50b02655bdc7e931d7bf6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 8 Dec 2011 10:04:09 +0100
Subject: Reorder privileges so that memberof for permissions are generated
 properly.

The privilege was added after the permission causing the memberof to not
be generated.

Add a new task to regenerate memberof for existing PBAC to fix upgrades.

https://fedorahosted.org/freeipa/ticket/2058
https://fedorahosted.org/freeipa/ticket/2059
https://fedorahosted.org/freeipa/ticket/2060
https://fedorahosted.org/freeipa/ticket/2061
---
 install/updates/45-roles.update | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'install/updates/45-roles.update')

diff --git a/install/updates/45-roles.update b/install/updates/45-roles.update
index 04f4be8fd..3803cee3b 100644
--- a/install/updates/45-roles.update
+++ b/install/updates/45-roles.update
@@ -21,6 +21,9 @@ default:cn: Modify Group membership
 default:description: Modify Group membership
 default:member: cn=helpdesk,cn=roles,cn=accounts,$SUFFIX
 
+dn: cn=Modify Group membership,cn=permissions,cn=pbac,$SUFFIX
+add:member: 'cn=Modify Group membership,cn=privileges,cn=pbac,$SUFFIX'
+
 dn: cn=User Administrator,cn=roles,cn=accounts,$SUFFIX
 default:objectClass: groupofnames
 default:objectClass: nestedgroup
-- 
cgit