From f8a4727b7e77e377e4c63c0ebd98a67f4f84bdb4 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvoborni@redhat.com>
Date: Tue, 14 Jul 2015 18:04:33 +0200
Subject: [PATCH] fix hbac rule search for non-admin users
hbacrule has in its default attributes (which are used in search) the attribute
'memberhostgroup'. This attr is not in ACI nor in schema. If the search
contains an attribute which can't be read then the search won't return
anything.
Therefore all searches with filter set fail.
https://fedorahosted.org/freeipa/ticket/5130
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipalib/plugins/hbacrule.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
590d18
index 34bdc9bdfe03f01662851bd5aea9daf9e28823d0..82a52bd80f58ede43249264db69acd193233448d 100644
590d18
--- a/ipalib/plugins/hbacrule.py
590d18
+++ b/ipalib/plugins/hbacrule.py
590d18
@@ -124,7 +124,7 @@ class hbacrule(LDAPObject):
590d18
         'description', 'usercategory', 'hostcategory',
590d18
         'servicecategory', 'ipaenabledflag',
590d18
         'memberuser', 'sourcehost', 'memberhost', 'memberservice',
590d18
-        'memberhostgroup', 'externalhost',
590d18
+        'externalhost',
590d18
     ]
590d18
     uuid_attribute = 'ipauniqueid'
590d18
     rdn_attribute = 'ipauniqueid'
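Review bot: Nothing on the list that closes at `]` records why `memberhostgroup` had to go, so the same breakage can come back the next time an attribute is added there. Per the commit message these entries are used in search, and a search that names an attribute the caller cannot read returns nothing for non-admin users; a comment above the list such as `# used in search filters: every attribute here must exist in schema and be readable under the read ACI` would capture that constraint. A regression test that runs a filtered hbacrule search as a non-admin user would pin the fix. The list opens outside the hunk, so the remaining entries could not be checked against the ACI from here.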
-- 
2.4.3