freeipa

Clone
Source Code
GIT

#4074 [RFE] Multivalued targetfilter in permissions
Closed: Fixed None Opened 10 years ago by pviktori.

Closed: Fixed
Reopen Issue

"type" permissions (e.g. --type=user) should use targetfilter instead of target (e.g. (targetfilter = "(objectclass=ipaUser)"))

To make sure this works with another, user-specified, filter, we need to allow multiple values in targetfilter and have --type work only on the objectclass one.

For additional flexibility, add targetattrfilter (also multi-valued).

Mailing list thread: http://www.redhat.com/archives/freeipa-devel/2013-December/msg00063.html

I've moved the targetattrfilters part out to https://fedorahosted.org/freeipa/ticket/4106

master:

  • e951f18 permissions: Use multivalued targetfilter
  • 78b657b Add permission_filter_objectclasses for explicit type filters
  • 0f1e137 Add tests for multivalued filters

Starting review

Additional fix:

master:

  • 0c2aec1 permission plugin: Allow multiple values for memberof

Metadata Update from @pviktori:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 4.0 - 2014/02
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
enhancement
None
None
Access control
None
1
None
None
mkosek
None
0
None
Allow multivalued target filters in permission CLI and Web UI.
http://www.freeipa.org/page/V4/Multivalued_target_filters_in_permissions
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.