https://bugzilla.redhat.com/show_bug.cgi?id=782851 (Red Hat Enterprise Linux 6)
Description of problem: When adding a permission, only one target can be used. When prompting, all get prompted, even though one of them is already entered. For example, below, type is entered to be user, then there should be no further prompts for filter, subtree and targetgroup. # ipa permission-add Permission name: ManageUser3 Permissions: read [Attributes]: carlicense [Type]: user [Member of group]: [Filter]: [Subtree]: cn=users,cn=accounts,dc=testrelm [Target group]: ipa: ERROR: invalid 'target': type, filter, subtree and targetgroup are mutually exclusive Version-Release number of selected component (if applicable): freeipa-server-2.1.4-4.fc16.x86_64 How reproducible: always Steps to Reproduce: 1. run ipa permission-add as indicated above Actual results: After entering type to be user, there are still prompts for filter, subtree and targetgroup. If any values are entered for those, an error is thrown. Expected results: After type is entered to be user, then there should be no further prompts for filter, subtree and targetgroup. Additional info:
Might be a dup of #2355
Replying to [comment:5 dpal]:
I do not think this is a dup, #2281 is an enhancements of our interactive mode for permission-add, while #2235 relaxes our validator a bit.
But when when working on #2281, we need to be aware of #2281 and make sure that both filter and subtree can be added interactively.
filter
subtree
This aspect of permission-add was not given priority and is not planned to be completed as it does not add much value for permission-add command. The reported error is entirely clear what is wrong with the request.
I am thus moving this request to Deferred. If you disagree, please speak up.
I agree with Martin that the interactive asking is not very useful for permission-add.
Note that the command changed a lot since the issue was reported, and interactive asking is a bit worse than before. Either it should be removed (remove the ask_create flags), or someone should think about how it would be used and adjust the set of asked options accordingly.
Metadata Update from @mkosek: - Issue assigned to someone - Issue set to the milestone: Tickets Deferred
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.