Here's what is returned.
"attributelevelrights": { "aci": "rscwo", "businesscategory": "rscwo", "cn": "rscwo", "description": "rscwo", "ipapermissiontype": "rscwo", "member": "rscwo", "nsaccountlock": "rscwo", "o": "rscwo", "objectclass": "rscwo", "ou": "rscwo", "owner": "rscwo", "seealso": "rscwo" },
This is because those aren't LDAP attributes. In effect they are part of aci.
Will need to find a generic way to add rights on the fly to the metadata.
Does it belong to 2.0.1? Seems like something that we might want to defer and fix in 2.1. Move back if you disagree.
We can probably work around it for 2.0.1. This should be fixed for 2.1
The only thing it breaks right now is the text box used for the Filter field. THat is because the d the other target types use custom widgets that don't currently check the ACIs. Since the ACI page will only be shown to admins, it is probably OK for the short term, but it might freak people out in the longer, term, to see and seemingly be able to edit the ACIs.
attachment freeipa-rcrit-771-permission.patch
master: ccde115
ipa-2-0: 6be121e
Metadata Update from @admiyo: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1 - 2011/08 (Final)
Login to comment on this ticket.