From 3e8d1d09e5a1b19c64a0356d2b19dac74c20ad73 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Fri, 7 Aug 2015 03:21:43 -0400
Subject: [PATCH] Fix default CA ACL added during upgrade

The upgrade script is adding the default CA ACL with incorrect
attributes - usercategory=all instead of servicecategory=all.  Fix
it to create the correct object.

Fixes: https://fedorahosted.org/freeipa/ticket/5185
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 ipaserver/install/server/upgrade.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 037127918cb4c205c5049446989bfdaa674967a4..692d0c77e0683f4ad35ebbc14d5a34decc098deb 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1306,7 +1306,7 @@ def add_default_caacl(ca):
 
         if not api.Command.caacl_find()['result']:
             api.Command.caacl_add(u'hosts_services_caIPAserviceCert',
-                hostcategory=u'all', usercategory=u'all')
+                hostcategory=u'all', servicecategory=u'all')
             api.Command.caacl_add_profile(u'hosts_services_caIPAserviceCert',
                 certprofile=(u'caIPAserviceCert',))
 
-- 
2.4.3