From ce31d4124e20261cbd561f688110046945b082c1 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Thu, 19 Feb 2015 17:10:37 +0100 Subject: [PATCH] ipalib: Make sure correct attribute name is referenced for fax Fixes the invalid attribute name reference in the 'System: Read User Addressbook Attributes' permission. https://fedorahosted.org/freeipa/ticket/4883 Reviewed-By: Martin Kosek Reviewed-By: Alexander Bokovoy --- ACI.txt | 2 +- ipalib/plugins/user.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ACI.txt b/ACI.txt index 67d583fabc295deb8aa5aab329bce5100c1b9088..fa1dcc4a8c9fd0c610dadcb2c368f700d26d4011 100644 --- a/ACI.txt +++ b/ACI.txt @@ -255,7 +255,7 @@ aci: (targetattr = "businesscategory || carlicense || cn || description || displ dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example aci: (targetattr = "*")(target = "ldap:///cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read UPG Definition";allow (compare,read,search) groupdn = "ldap:///cn=System: Read UPG Definition,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example -aci: (targetattr = "audio || businesscategory || carlicense || departmentnumber || destinationindicator || employeenumber || employeetype || fax || homephone || homepostaladdress || inetuserhttpurl || inetuserstatus || internationalisdnnumber || jpegphoto || l || labeleduri || mail || mobile || o || ou || pager || photo || physicaldeliveryofficename || postaladdress || postalcode || postofficebox || preferreddeliverymethod || preferredlanguage || registeredaddress || roomnumber || secretary || seealso || st || street || telephonenumber || teletexterminalidentifier || telexnumber || usercertificate || usersmimecertificate || x121address || x500uniqueidentifier")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Addressbook Attributes";allow (compare,read,search) userdn = "ldap:///all";) +aci: (targetattr = "audio || businesscategory || carlicense || departmentnumber || destinationindicator || employeenumber || employeetype || facsimiletelephonenumber || homephone || homepostaladdress || inetuserhttpurl || inetuserstatus || internationalisdnnumber || jpegphoto || l || labeleduri || mail || mobile || o || ou || pager || photo || physicaldeliveryofficename || postaladdress || postalcode || postofficebox || preferreddeliverymethod || preferredlanguage || registeredaddress || roomnumber || secretary || seealso || st || street || telephonenumber || teletexterminalidentifier || telexnumber || usercertificate || usersmimecertificate || x121address || x500uniqueidentifier")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Addressbook Attributes";allow (compare,read,search) userdn = "ldap:///all";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = "ldap:///cn=users,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read User Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=users,cn=accounts,dc=ipa,dc=example diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 56585b9f86593c0c5879139103bc71707b88e15f..abe5ee26b8e48681eeb0cbb3bcff8617e212225c 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -276,7 +276,7 @@ class user(LDAPObject): 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': { 'seealso', 'telephonenumber', - 'fax', 'l', 'ou', 'st', 'postalcode', 'street', + 'facsimiletelephonenumber', 'l', 'ou', 'st', 'postalcode', 'street', 'destinationindicator', 'internationalisdnnumber', 'physicaldeliveryofficename', 'postaladdress', 'postofficebox', 'preferreddeliverymethod', 'registeredaddress', -- 2.1.0