#658 Kerberos ticket policy field is undefined:
Closed: Fixed None Opened 13 years ago by admiyo.

From Kerberos Ticket Policy Details page, note that the label for the first field is 'undefined'


The field is the group id, which is the 'cn' field. This is not a value in 'takes_params', but it should be. Insdead, the UID field is specified at the primary key, but this looks like it is a mistake. Please confirm. If I can remove uid, and replace it with cn, assign this ticket back to me (ayoung)

The policy can be either set for a single user or for the whole realm, that's why uid is (correctly) specified as voluntary parameter. When it is specified, values for the policy are taken from:

dn: uid=<uid>,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com

when it is not specified, values are taken from:

dn: cn=<realm>,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com

My opinion is that the plugin should stay as it is now. I recommend approach similar to CLI - don't display the first row for the global ticket policy.

The ticket policy in UI should show only global policy. Tha allows for some heuristics in the UI. The individual user policies if any should be a separate section in the user details screens. This should be a pure UI bug. I do not see a need for any plugin and CLI changes here.

fixed in e66e29b

Note that this fix has the uid in it. We'll need to hide that field or use it depending on what is spec'ed next

Metadata Update from @admiyo:
- Issue assigned to jzeleny
- Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)

7 years ago

Login to comment on this ticket.

Metadata