Modifying permission memberof to empty will generate an internal error.
See the following permission:
# ipa permission-add test --permission=all --memberof=editors --type=user ----------------------- Added permission "test" ----------------------- Permission name: test Permissions: all Type: user Member of group: editors
Modifying the memberof to another value works fine:
# ipa permission-mod test --memberof=ipausers -------------------------- Modified permission "test" -------------------------- Permission name: test Permissions: all Type: user Member of group: ipausers
Modifying memberof to empty fails:
# ipa permission-mod test --memberof= ipa: ERROR: an internal error has occurred
Here is the stack trace from /var/log/httpd/error_log:
ipa: ERROR: non-public: AttributeError: 'NoneType' object has no attribute 'find' Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 229, in wsgi_execute result = self.Command[name](*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 438, in __call__ ret = self.run(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 696, in run return self.execute(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line 1106, in execute ldap, dn, entry_attrs, attrs_list, *keys, **options File "/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py", line 299, in pre_callback raise e AttributeError: 'NoneType' object has no attribute 'find' ipa: INFO: admin@EXAMPLE.COM: permission_mod(u'test', memberof=None, rights=False, all=False, raw=False, version=u'2.20'): AttributeError
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=782566
Ondra, please check this one.
#2100 & #2101 are the fixes for this one.
master: 616d543[[BR]] ipa-2-2: 93a1a38
Metadata Update from @edewata: - Issue assigned to ohamada - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02
Login to comment on this ticket.