From 3e8d1d09e5a1b19c64a0356d2b19dac74c20ad73 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Fri, 7 Aug 2015 03:21:43 -0400
Subject: [PATCH] Fix default CA ACL added during upgrade
The upgrade script is adding the default CA ACL with incorrect
attributes - usercategory=all instead of servicecategory=all. Fix
it to create the correct object.
Fixes: https://fedorahosted.org/freeipa/ticket/5185
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
ipaserver/install/server/upgrade.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 037127918cb4c205c5049446989bfdaa674967a4..692d0c77e0683f4ad35ebbc14d5a34decc098deb 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1306,7 +1306,7 @@ def add_default_caacl(ca):
if not api.Command.caacl_find()['result']:
api.Command.caacl_add(u'hosts_services_caIPAserviceCert',
- hostcategory=u'all', usercategory=u'all')
+ hostcategory=u'all', servicecategory=u'all')
api.Command.caacl_add_profile(u'hosts_services_caIPAserviceCert',
certprofile=(u'caIPAserviceCert',))
--
2.4.3