From ce31d4124e20261cbd561f688110046945b082c1 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Thu, 19 Feb 2015 17:10:37 +0100
Subject: [PATCH] ipalib: Make sure correct attribute name is referenced for
fax
Fixes the invalid attribute name reference in the
'System: Read User Addressbook Attributes' permission.
https://fedorahosted.org/freeipa/ticket/4883
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
ACI.txt | 2 +-
ipalib/plugins/user.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ACI.txt b/ACI.txt
index 67d583fabc295deb8aa5aab329bce5100c1b9088..fa1dcc4a8c9fd0c610dadcb2c368f700d26d4011 100644
--- a/ACI.txt
+++ b/ACI.txt
@@ -255,7 +255,7 @@ aci: (targetattr = "businesscategory || carlicense || cn || description || displ
dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example
aci: (targetattr = "*")(target = "ldap:///cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read UPG Definition";allow (compare,read,search) groupdn = "ldap:///cn=System: Read UPG Definition,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
-aci: (targetattr = "audio || businesscategory || carlicense || departmentnumber || destinationindicator || employeenumber || employeetype || fax || homephone || homepostaladdress || inetuserhttpurl || inetuserstatus || internationalisdnnumber || jpegphoto || l || labeleduri || mail || mobile || o || ou || pager || photo || physicaldeliveryofficename || postaladdress || postalcode || postofficebox || preferreddeliverymethod || preferredlanguage || registeredaddress || roomnumber || secretary || seealso || st || street || telephonenumber || teletexterminalidentifier || telexnumber || usercertificate || usersmimecertificate || x121address || x500uniqueidentifier")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Addressbook Attributes";allow (compare,read,search) userdn = "ldap:///all";)
+aci: (targetattr = "audio || businesscategory || carlicense || departmentnumber || destinationindicator || employeenumber || employeetype || facsimiletelephonenumber || homephone || homepostaladdress || inetuserhttpurl || inetuserstatus || internationalisdnnumber || jpegphoto || l || labeleduri || mail || mobile || o || ou || pager || photo || physicaldeliveryofficename || postaladdress || postalcode || postofficebox || preferreddeliverymethod || preferredlanguage || registeredaddress || roomnumber || secretary || seealso || st || street || telephonenumber || teletexterminalidentifier || telexnumber || usercertificate || usersmimecertificate || x121address || x500uniqueidentifier")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Addressbook Attributes";allow (compare,read,search) userdn = "ldap:///all";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = "ldap:///cn=users,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read User Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 56585b9f86593c0c5879139103bc71707b88e15f..abe5ee26b8e48681eeb0cbb3bcff8617e212225c 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -276,7 +276,7 @@ class user(LDAPObject):
'ipapermright': {'read', 'search', 'compare'},
'ipapermdefaultattr': {
'seealso', 'telephonenumber',
- 'fax', 'l', 'ou', 'st', 'postalcode', 'street',
+ 'facsimiletelephonenumber', 'l', 'ou', 'st', 'postalcode', 'street',
'destinationindicator', 'internationalisdnnumber',
'physicaldeliveryofficename', 'postaladdress', 'postofficebox',
'preferreddeliverymethod', 'registeredaddress',
--
2.1.0