From 5547ed320ae616bec90ee0b04d86ba13d12c0586 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 10 Mar 2008 10:04:15 -0400
Subject: Remove ACI that was causing RDN changes to fail Fix for session code
 so RDN change can succeed

433523
---
 ipa-server/ipa-gui/ipagui/subcontrollers/user.py | 5 +----
 ipa-server/ipa-install/share/default-aci.ldif    | 1 -
 2 files changed, 1 insertion(+), 5 deletions(-)

(limited to 'ipa-server')

diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
index 4c2a758b7..f20c423e7 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
@@ -421,7 +421,7 @@ class UserController(IPAController):
             raise turbogears.redirect('/user/show', uid=kw.get('uid'))
 
         edituid = cherrypy.session.get('uid')
-        if not edituid or edituid != kw.get('uid'):
+        if edituid and edituid != kw.get('uid') and edituid != kw.get('uid_hidden'):
             turbogears.flash("Something went wrong. You last viewed %s but are trying to update %s" % (kw.get('uid'), edituid))
             raise turbogears.redirect('/user/show', uid=kw.get('uid'))
 
@@ -615,9 +615,6 @@ class UserController(IPAController):
                         user_groups=user_groups_dicts,
                         tg_template='ipagui.templates.useredit')
 
-        # We no longer need this
-        cherrypy.session['uid'] = None
-
         turbogears.flash("%s updated!" % kw['uid'])
         raise turbogears.redirect('/user/show', uid=kw['uid'])
 
diff --git a/ipa-server/ipa-install/share/default-aci.ldif b/ipa-server/ipa-install/share/default-aci.ldif
index a452b50d2..b268ad199 100644
--- a/ipa-server/ipa-install/share/default-aci.ldif
+++ b/ipa-server/ipa-install/share/default-aci.ldif
@@ -3,7 +3,6 @@
 dn: $SUFFIX
 changetype: modify
 add: aci
-aci: (targetattr = "krbMKey")(version 3.0; acl "Only the kerberos account can access this one"; deny (read, search, compare, write) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
 aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Enable Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";)
 aci: (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admin can manage any entry"; allow (all) userdn = "ldap:///uid=admin,cn=sysaccounts,cn=etc,$SUFFIX";)
 aci: (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword")(version 3.0; acl "Self can write own password"; allow (write) userdn="ldap:///self";)
-- 
cgit