Version: freeipa-server-2.99.0-0.20120618T1103Zgite94733f.fc17.x86_64
ipa: ERROR: targetattr "--permissions=write" does not exist in schema. Please add attributeTypes "--permissions=write" to schema if necessary. ACL Syntax Error(-5):(targetattr = \22--permissions=write\22)(target = \22ldap:///uid=\2a,cn=users,cn=accounts,dc=testrelm,dc=com\22)(version 3.0;acl \22permission:APermission\22;allow (write) groupdn = \22ldap:///cn=apermission,cn=permissions,cn=pbac,dc=testrelm,dc=com\22;): Invalid syntax. [root@dhcp201-207 ipa-rbac]#
<shanks> mkosek, see "\22" in the output <mkosek> shanks: hello, you mean the fact that \22 is in the output not the that the command does not work? <mkosek> shanks: because the options are indeed wrong, --attrs takes value <shanks> mkosek, yes, this was part of negative testing <mkosek> shanks: well, there is a indeed some glitch in the error message, you can file a bug if you want to - though this is a very low priority one :) <shanks> mkosek, ok, thanks
It looks to me like --attrs is taking --permissions as the value of the attributes. If anything though would be a bug in OptionParser.
OptionParser simply takes the next value after argument option as an option's value. I don't think this is an error in OptionParser... We just need to fix the error message.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=837375
Moving ticket to RC2, as RC1 deadline is too close for this ticket to be included.
This issue may not be a bug at all, ACL Syntax Error message with backslashes is generated by 389-ds NSACLPlugin:
/var/log/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM/errors:
[25/Sep/2012:06:12:03 -0400] NSACLPlugin - ACL Syntax Error(-5):(targetattr = \22foo\22)(target = \22ldap:///uid=\2a,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com\22)(version 3.0;acl \22permission:foo2\22;allow (write) groupdn = \22ldap:///cn=foo2,cn=permissions,cn=pbac,dc=idm,dc=lab, dc=bos,dc=redhat,dc=com\22;)
Rich, are the backslashes in ACL Syntax Error message intentional or is it an error message formatting bug?
Replying to [comment:7 mkosek]:
This issue may not be a bug at all, ACL Syntax Error message with backslashes is generated by 389-ds NSACLPlugin: /var/log/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM/errors: {{{ [25/Sep/2012:06:12:03 -0400] NSACLPlugin - ACL Syntax Error(-5):(targetattr = \22foo\22)(target = \22ldap:///uid=\2a,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com\22)(version 3.0;acl \22permission:foo2\22;allow (write) groupdn = \22ldap:///cn=foo2,cn=permissions,cn=pbac,dc=idm,dc=lab, dc=bos,dc=redhat,dc=com\22;) }}} Rich, are the backslashes in ACL Syntax Error message intentional or is it an error message formatting bug?
/var/log/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM/errors: {{{ [25/Sep/2012:06:12:03 -0400] NSACLPlugin - ACL Syntax Error(-5):(targetattr = \22foo\22)(target = \22ldap:///uid=\2a,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com\22)(version 3.0;acl \22permission:foo2\22;allow (write) groupdn = \22ldap:///cn=foo2,cn=permissions,cn=pbac,dc=idm,dc=lab, dc=bos,dc=redhat,dc=com\22;) }}}
The backslash hex escapes are intentional. Not sure why, but it has been that way for a long time.
closed as not a bug
Metadata Update from @shanks: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.0.1 (bug fixing)
Login to comment on this ticket.