$ ipa user-show --rights --all admin ... attributelevelrights: {u'telephonenumber': u'rscwo', ..., u'aci': u'none', u'krbpwdhistory': u'none', ...} ...
This means all client code needs to special-case 'none'. We should return an empty string instead.
Note that 'o' is a valid attrlevel right.
Is there a reason DS returns 'none', except the return value concatenates everything so an empty result could cause trouble when parsing? We return a Python/JSON dict so the empty string would not be a problem
It is probably python-ldap returning None.
I had the same thought, but given it's in a [RHDS doc page] and http://www.ietf.org/proceedings/52/I-D/draft-ietf-ldapext-acl-model-08.txt IETF draft, I doubt it's Python's None.
Given that the RFC calls for the word none it seems like it is doing the right thing and it is up to us to interpret it in a python-ey way.
DS returns none if now rights could be determined, so it is deliberate but I don't know what the reason was to do it like this
Moving stabilization tickets that do not affect FreeIPA 4.0 release usability in any significant way to 4.0.1 stabilization milestone.
master:
ipa-4-1:
ipa-4-0:
Rather internal change not reproducible in RHELs - no clone.
Metadata Update from @pviktori: - Issue assigned to pviktori - Issue set to the milestone: FreeIPA 4.0.1
Login to comment on this ticket.