|
 |
590d18 |
From f8a4727b7e77e377e4c63c0ebd98a67f4f84bdb4 Mon Sep 17 00:00:00 2001
|
|
|
590d18 |
From: Petr Vobornik <pvoborni@redhat.com>
|
|
|
590d18 |
Date: Tue, 14 Jul 2015 18:04:33 +0200
|
|
|
590d18 |
Subject: [PATCH] fix hbac rule search for non-admin users
|
|
|
590d18 |
|
|
|
590d18 |
hbacrule has it default attributes (which are used in search) attribute
|
|
|
590d18 |
'memberhostgroup'. This attr is not in ACI nor in schema. If the search
|
|
|
590d18 |
contains an attribute which can't be read then the search won't return
|
|
|
590d18 |
anything.
|
|
|
590d18 |
|
|
|
590d18 |
Therefore all searches with filter set fail.
|
|
|
590d18 |
|
|
|
590d18 |
https://fedorahosted.org/freeipa/ticket/5130
|
|
|
590d18 |
|
|
|
590d18 |
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
590d18 |
---
|
|
|
590d18 |
ipalib/plugins/hbacrule.py | 2 +-
|
|
|
590d18 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
590d18 |
|
|
|
590d18 |
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
|
|
|
590d18 |
index 34bdc9bdfe03f01662851bd5aea9daf9e28823d0..82a52bd80f58ede43249264db69acd193233448d 100644
|
|
|
590d18 |
--- a/ipalib/plugins/hbacrule.py
|
|
|
590d18 |
+++ b/ipalib/plugins/hbacrule.py
|
|
|
590d18 |
@@ -124,7 +124,7 @@ class hbacrule(LDAPObject):
|
|
|
590d18 |
'description', 'usercategory', 'hostcategory',
|
|
|
590d18 |
'servicecategory', 'ipaenabledflag',
|
|
|
590d18 |
'memberuser', 'sourcehost', 'memberhost', 'memberservice',
|
|
|
590d18 |
- 'memberhostgroup', 'externalhost',
|
|
|
590d18 |
+ 'externalhost',
|
|
|
590d18 |
]
|
|
|
590d18 |
uuid_attribute = 'ipauniqueid'
|
|
|
590d18 |
rdn_attribute = 'ipauniqueid'
|
|
|
590d18 |
--
|
|
|
590d18 |
2.4.3
|
|
|
590d18 |
|