From 64ee2464e8f21d070358d82f40b4ec13a9546c6b Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 6 Dec 2011 18:15:41 -0500
Subject: Display the value of memberOf ACIs in permission plugin.

There were two problems:

1. memberof wasn't in the list of things we looked for in the return value
   from aci_show()
2. The value wasn't being translated into a group name.

Use the DN class to retrieve the group name from the memberof URI.

Note that I changed the parsing for targetgroup as well. We now save a lookup
and potentially returning a NotFound if an aci points to a group that no
longer exists.

https://fedorahosted.org/freeipa/ticket/2100
---
 ipalib/plugins/permission.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ipalib/plugins/permission.py')

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index c48979f9..e4d11f0d 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -98,7 +98,7 @@ class permission(LDAPObject):
         'memberindirect', 'ipapermissiontype',
     ]
     aci_attributes = ['group', 'permissions', 'attrs', 'type',
-        'filter', 'subtree', 'targetgroup',
+        'filter', 'subtree', 'targetgroup', 'memberof',
     ]
     attribute_members = {
         'member': ['privilege'],
@@ -338,7 +338,7 @@ class permission_mod(LDAPUpdate):
 
         result = self.api.Command.permission_show(cn, **options)['result']
         for r in result:
-            if not r.startswith('member'):
+            if not r.startswith('member_'):
                 entry_attrs[r] = result[r]
         return dn
 
-- 
cgit