https://bugzilla.redhat.com/show_bug.cgi?id=785254 (Red Hat Enterprise Linux 6)
Description of problem: 1> using an invalid subtree filter does not throw any error 2> using a valid subtree filter brings back all permissions Find one of the existing permissions: Permission name: Write IPA Configuration Permissions: write Attributes: ipausersearchfields, ipagroupsearchfields, ipasearchtimelimit, ipasearchrecordslimit, ipacustomfields, ipahomesrootdir, ipadefaultloginshell, ipadefaultprimarygroup, ipamaxusernamelength, ipapwdexpadvnotify, ipauserobjectclasses, ipagroupobjectclasses, ipadefaultemaildomain, ipamigrationenabled, ipacertificatesubjectbase, ipaconfigstring Subtree: ldap:///cn=ipaconfig,cn=etc,dc=testrelm,dc=com Granted to Privilege: Write IPA Configuration Tried: ipa permission-find --subtree="ldap:///cn=ipaconfig,cn=etc,dc=testrelm,dc=com" ipa permission-find --subtree="ldap:\/\/\/cn=ipaconfig,cn=etc,dc=testrelm,dc=com" ipa permission-find --subtree="cn=ipaconfig,cn=etc,dc=testrelm,dc=com" All 3 above attempts brought back all permissions Version-Release number of selected component (if applicable): ipa-server-2.2.0-101.20120123T0157zgit64cf8a4.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Find a permission using subtree as mentioned above Actual results: All permissions are brought back Expected results: Only the matching permission to be listed. If subtree filter is incorrect, error should be displayed. If the subtree filter doesn't match any permission, then bring back 0 permissions with message that 0 permissions matched. Additional info:
The code is very clear why this isn't working:
# TODO: searching by: subtree
attachment freeipa-rcrit-1013-subtree.patch
Note that we don't do validation on search terms so we aren't going to report whether a subtree is valid or not, just which entries match.
master: 26ab9a5
Metadata Update from @mkosek: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.0 Core Effort - 2012/05
Log in to comment on this ticket.