#438 not all rights returned when passing rights: true
Closed: Invalid None Opened 13 years ago by admiyo.

Not all fields are returned. Notice, for example, that Title is missing.

request is
{"method":"user_show","params":[["admin"],{"all":true,"rights":true}],"id":2}

fragment of response
"result": {
    "attributelevelrights": {
        "aci": "rscwo",
        "cn": "rscwo",
        "description": "rscwo",
        "gecos": "rscwo",
        "gidnumber": "rscwo",
        "homedirectory": "rscwo",
        "inetuserhttpurl": "rscwo",
        "inetuserstatus": "rscwo",
        "ipauniqueid": "rsc",
        "krbcanonicalname": "rscwo",
        "krbextradata": "rscwo",
        "krblastfailedauth": "rscwo",
        "krblastpwdchange": "rscwo",
        "krblastsuccessfulauth": "rscwo",
        "krbloginfailedcount": "rscwo",
        "krbmaxrenewableage": "rscwo",
        "krbmaxticketlife": "rscwo",
        "krbpasswordexpiration": "rscwo",
        "krbprincipalaliases": "rscwo",
        "krbprincipalexpiration": "rscwo",
        "krbprincipalkey": "wo",
        "krbprincipalname": "rscwo",
        "krbprincipaltype": "rscwo",
        "krbpwdhistory": "rscwo",
        "krbpwdpolicyreference": "rscwo",
        "krbticketflags": "rscwo",
        "krbticketpolicyreference": "rscwo",
        "krbupenabled": "rscwo",
        "loginshell": "rscwo",
        "memberof": "rsc",
        "mepmanagedentry": "rscwo",
        "nsaccountlock": "rscwo",
        "objectclass": "rscwo",
        "seealso": "rscwo",
        "sn": "rscwo",
        "telephonenumber": "rscwo",
        "uid": "rscwo",
        "uidnumber": "rscwo",
        "userpassword": "wo"
    },


We're going to need to pass the list of desired attributes to the GER call.

This is because the admin user has a slightly reduced set of objectclasses than a typical user. The question is whether we want to add the missing objectclasses. I'm not sure things like title make sense for what is essentially a root user.

I'm open to suggestions.

I think we explicitly omitted the person objectclass and derivatives to avoid having "admin" show up as a contact when people attach to the LDAP server to use it as a people directory.

The reason is that admin is just an administrative user and not a real user, so all the additional information that pertains to a person is meaningless here.

I think we must cope with users not having all the attributes we want, and just do our best with what is available. This is because a user may add a new plugin that adds new data to some user, but the admin may decide not to touch old existing users. So coping with users that have different sets of objectclasses/attributes should be supported.

As per my comment #1, I checked the original bug reports on DS and found that I had actually requested that we get a list of all possible attributes when searching on "*", which we do, so if an attribute doesn't show up it is either operational or not available.

Metadata Update from @admiyo:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.0 - 2010/11

7 years ago
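
One way a client could cope with entries that report different attribute sets, as discussed in the comments above. This is an added example, not code from the ticket or from FreeIPA; the function name `classify`, the category labels, and the sample dictionary (a subset of the quoted response fragment) are assumptions of the example.

```python
# Added example (not FreeIPA code). Rights letters as used by 389 Directory
# Server's Get Effective Rights: r=read, s=search, c=compare, w=write, o=delete.

# Constructed sample: a subset of the response fragment quoted in this ticket.
SAMPLE_RIGHTS = {
    "cn": "rscwo",
    "ipauniqueid": "rsc",
    "memberof": "rsc",
    "krbprincipalkey": "wo",
    "userpassword": "wo",
}


def classify(rights, wanted):
    """Return {attribute: category} for every attribute the caller wants.

    Categories (labels are this example's own):
      read-write, read-only, write-only, no-access, absent
    "absent" means the entry's result carried no rights for the attribute.
    """
    by_name = {name.lower(): value for name, value in rights.items()}
    result = {}
    for attr in wanted:
        value = by_name.get(attr.lower())
        if value is None:
            result[attr] = "absent"      # e.g. title on the admin entry
        elif "r" in value and "w" in value:
            result[attr] = "read-write"
        elif "r" in value:
            result[attr] = "read-only"   # show it, but disable editing
        elif "w" in value:
            result[attr] = "write-only"  # can be set, never displayed
        else:
            result[attr] = "no-access"
    return result


if __name__ == "__main__":
    for attr, category in classify(
        SAMPLE_RIGHTS, ["cn", "title", "memberof", "userpassword"]
    ).items():
        print(f"{attr:15} {category}")
```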
