Implement support for non-LDAP-based actions that use the LDAP ACI subsystem.

There are some operations, like those for the certificate system, that don't need to write to the directory server. So instead we have an entry that we test against to determine whether the operation is allowed or not. This is done by attempting a write on the entry. If it would succeed then permission is granted. If not then denied. The write we attempt is actually invalid so the write itself will fail but the attempt will fail first if access is not permitted, so we can distinguish between the two without polluting the entry.
author: Rob Crittenden <rcritten@redhat.com> 2009-07-10 16:40:39 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2009-07-10 16:41:05 -0400
commit: e31d5fb1cfc7b7b2ed47202e0ef1c462f01a046b (patch)
tree: 840d01d9ef8781593bc518197be6afe9c969c3a0 /ipalib/errors.py
parent: 51498038739cf4e3278457748938cd807095cfb3 (diff)
download: freeipa-e31d5fb1cfc7b7b2ed47202e0ef1c462f01a046b.tar.gz
freeipa-e31d5fb1cfc7b7b2ed47202e0ef1c462f01a046b.tar.xz
freeipa-e31d5fb1cfc7b7b2ed47202e0ef1c462f01a046b.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py
index e3dfc14d..a08ee959 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -563,7 +563,7 @@ class ACIError(AuthorizationError):
     """
 
     errno = 2100
-    format = _('Insufficient access: %(info)r')
+    format = _('Insufficient access: %(info)s')
author	Rob Crittenden <rcritten@redhat.com>	2009-07-10 16:40:39 -0400
committer	Rob Crittenden <rcritten@redhat.com>	2009-07-10 16:41:05 -0400
commit	e31d5fb1cfc7b7b2ed47202e0ef1c462f01a046b (patch)
tree	840d01d9ef8781593bc518197be6afe9c969c3a0 /ipalib/errors.py
parent	51498038739cf4e3278457748938cd807095cfb3 (diff)
download	freeipa-e31d5fb1cfc7b7b2ed47202e0ef1c462f01a046b.tar.gz freeipa-e31d5fb1cfc7b7b2ed47202e0ef1c462f01a046b.tar.xz freeipa-e31d5fb1cfc7b7b2ed47202e0ef1c462f01a046b.zip