Search filter contains attributes which are not allowed by ACI: hiprecord, spfrecord, tkeyrecord, tarecord, dhcidrecord, sigrecord, aplrecord, nsec3record, rprecord, dnskeyrecord
This prevent users with 'DNS Administrator' privilege to search zones.
How to reproduce:
kinit user ipa zone-find test <0 result returned> kinit admin ipa zone-find test <results>
Related ticket: #4934
freeipa-users thread: https://www.redhat.com/archives/freeipa-users/2015-June/msg00173.html
master:
ipa-4-2:
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1246141
Metadata Update from @mbasti: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.2.1
Login to comment on this ticket.