diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2011-12-06 18:15:41 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-01-04 20:27:26 -0500 |
| commit | 64ee2464e8f21d070358d82f40b4ec13a9546c6b (patch) | |
| tree | 758cdd2ed18481bd9fd73165fbb4caf0c8fd4f1c /ipalib/plugins/permission.py | |
| parent | de0444defea0868bc2b3ec1ee8624a514c67a04e (diff) | |
| download | freeipa.git-64ee2464e8f21d070358d82f40b4ec13a9546c6b.tar.gz freeipa.git-64ee2464e8f21d070358d82f40b4ec13a9546c6b.tar.xz freeipa.git-64ee2464e8f21d070358d82f40b4ec13a9546c6b.zip | |
Display the value of memberOf ACIs in permission plugin.
There were two problems:
1. memberof wasn't in the list of things we looked for in the return value
from aci_show()
2. The value wasn't being translated into a group name.
Use the DN class to retrieve the group name from the memberof URI.
Note that I changed the parsing for targetgroup as well. We now save a lookup
and potentially returning a NotFound if an aci points to a group that no
longer exists.
https://fedorahosted.org/freeipa/ticket/2100
Diffstat (limited to 'ipalib/plugins/permission.py')
| -rw-r--r-- | ipalib/plugins/permission.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index c48979f9..e4d11f0d 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -98,7 +98,7 @@ class permission(LDAPObject): 'memberindirect', 'ipapermissiontype', ] aci_attributes = ['group', 'permissions', 'attrs', 'type', - 'filter', 'subtree', 'targetgroup', + 'filter', 'subtree', 'targetgroup', 'memberof', ] attribute_members = { 'member': ['privilege'], @@ -338,7 +338,7 @@ class permission_mod(LDAPUpdate): result = self.api.Command.permission_show(cn, **options)['result'] for r in result: - if not r.startswith('member'): + if not r.startswith('member_'): entry_attrs[r] = result[r] return dn |