Currently FreeIPA ACIs only mention a single attribute name, ignoring its aliases. It would be better to allow access to an attribute through all valid names. Not sure where such request should end up -- in ACL plugin in 389-ds or in direct ACI rules in FreeIPA.
Related ticket - #4883.
steps to test needed when fixed.
389 ticket: https://fedorahosted.org/389/ticket/48042
Processing 4.2 backlog. This ticket was found as something that is not a priority for the nearest releases.
But as usual, please feel free to discuss your use cases or contribute patches, to make that happen sooner!
Metadata Update from @abbra: - Issue assigned to someone - Issue set to the milestone: Future Releases
Login to comment on this ticket.