#4187 permission-add with invalid attribute creates inconsistent state
Closed: Fixed None Opened 10 years ago by mkosek.

When the first created ACI is invalid, the permission object is created but the ACI is missing:

# ipa permission-add test --attrs foo --permission read --type user
ipa: ERROR: targetattr "foo" does not exist in schema. Please add attributeTypes "foo" to schema if necessary. ACL Syntax Error(-5):(targetattr = \22foo\22)(targetfilter = \22(objectclass=posixaccount)\22)(version 3.0;acl \22permission:test\22;allow (read) groupdn = \22ldap:///cn=test,cn=permissions,cn=pbac,dc=example,dc=com\22;): Invalid syntax.

# ipa permission-show test --all --raw
ipa: ERROR: The ACI for permission test was not found in cn=users,cn=accounts,dc=example,dc=com

This is happening in the 3.4 devel version.


master:

  • d3a3459 permission_add: Remove permission entry if adding the ACI fails

Metadata Update from @mkosek:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 4.0 - 2014/03

7 years ago
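
The failure mode in this ticket and the shape of the fix named in the commit subject (remove the permission entry if adding the ACI fails), as an added example that is not FreeIPA's code. It uses a constructed in-memory directory; `FakeDirectory`, `KNOWN_ATTRS` and every function name are hypothetical.

```python
# Constructed in-memory model, not FreeIPA code. All names are hypothetical.
KNOWN_ATTRS = {"uid", "cn", "mail"}   # stand-in for the LDAP schema
USERS_DN = "cn=users,cn=accounts,dc=example,dc=com"

class ACISyntaxError(Exception):
    pass

class FakeDirectory:
    def __init__(self):
        self.entries = {}   # dn -> entry attributes
        self.acis = {}      # container dn -> list of ACI names

    def add_entry(self, dn, attrs):
        self.entries[dn] = dict(attrs)

    def delete_entry(self, dn):
        self.entries.pop(dn, None)

    def add_aci(self, container_dn, name, attrs):
        # Model of the schema check behind the error shown in the ticket.
        unknown = [a for a in attrs if a not in KNOWN_ATTRS]
        if unknown:
            raise ACISyntaxError(f'targetattr "{unknown[0]}" does not exist in schema')
        self.acis.setdefault(container_dn, []).append(name)

def permission_dn(name):
    return f"cn={name},cn=permissions,cn=pbac,dc=example,dc=com"

def permission_add_no_rollback(d, name, attrs):
    # Two writes with no compensation: a failed ACI add leaves the entry behind.
    d.add_entry(permission_dn(name), {"cn": name})
    d.add_aci(USERS_DN, f"permission:{name}", attrs)

def permission_add_with_rollback(d, name, attrs):
    dn = permission_dn(name)
    d.add_entry(dn, {"cn": name})
    try:
        d.add_aci(USERS_DN, f"permission:{name}", attrs)
    except ACISyntaxError:
        d.delete_entry(dn)   # compensate: remove the half-created permission
        raise                # the caller still sees the original error

def is_consistent(d, name):
    # A permission is consistent when the entry and its ACI exist together or not at all.
    has_entry = permission_dn(name) in d.entries
    has_aci = f"permission:{name}" in d.acis.get(USERS_DN, [])
    return has_entry == has_aci
```

`is_consistent` is also usable as an audit check: an entry without its ACI is a permission that can be shown as existing while granting nothing.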
