diff options
author | Rob Crittenden <rcritten@redhat.com> | 2012-05-11 15:28:03 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-05-14 10:07:41 +0200 |
commit | 95bb8d0f45c3061035633c7b9c3b1609b11a158d (patch) | |
tree | 815f45e8ecc3724b87777b557fd59af0e77bc643 /ipalib | |
parent | 472f9fc5aad845afa335786599ba75603c006d31 (diff) | |
download | freeipa-95bb8d0f45c3061035633c7b9c3b1609b11a158d.tar.gz freeipa-95bb8d0f45c3061035633c7b9c3b1609b11a158d.tar.xz freeipa-95bb8d0f45c3061035633c7b9c3b1609b11a158d.zip |
Fix overlapping cn param/option issue, pass cn as aciname in find
permission-find --name wasn't working for two reasons. The first
was that the cn to search on in options ended up overlapping the
primary key name causing the request to fail.
The second reason was aci uses aciname, not cn, as its name field.
So searching on --name matched everything because it was as if you
were searching on nothing.
https://fedorahosted.org/freeipa/ticket/2320
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/permission.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 2cf42bbc0..9bf17944c 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -387,10 +387,17 @@ class permission_find(LDAPSearch): del opts['raw'] except: pass + if 'cn' in options: + # the attribute for name is difference in acis + opts['aciname'] = options['cn'] aciresults = self.api.Command.aci_find(*args, **opts) truncated = truncated or aciresults['truncated'] results = aciresults['result'] + if 'cn' in options: + # there is an option/param overlap if --name is in the + # search list, we don't need cn anymore so drop it. + options.pop('cn') for aci in results: found = False if 'permission' in aci: |