When the first created ACI is invalid, the permission object is created but the ACI is missing:
    # ipa permission-add test --attrs foo --permission read --type user
    ipa: ERROR: targetattr "foo" does not exist in schema. Please add attributeTypes "foo" to schema if necessary. ACL Syntax Error(-5):(targetattr = \22foo\22)(targetfilter = \22(objectclass=posixaccount)\22)(version 3.0;acl \22permission:test\22;allow (read) groupdn = \22ldap:///cn=test,cn=permissions,cn=pbac,dc=example,dc=com\22;): Invalid syntax.
    # ipa permission-show test --all --raw
    ipa: ERROR: The ACI for permission test was not found in cn=users,cn=accounts,dc=example,dc=com
This is happening in 3.4 devel version.
master:
Metadata Update from @mkosek:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 4.0 - 2014/03