669548 – ipa permission-add: use same description for different permission gives error

Bug 669548 - ipa permission-add: use same description for different permission gives error

Summary: ipa permission-add: use same description for different permission gives error

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	freeIPA
Classification:	Retired
Component:	ipa-server
Sub Component:
Version:	2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-01-13 22:17 UTC by Yi Zhang
Modified:	2015-01-04 23:45 UTC (History)
CC List:	4 users (show)
Fixed In Version:	freeipa-2.0.0-1.fc15
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-03-28 09:40:38 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Yi Zhang 2011-01-13 22:17:27 UTC

Description of problem:

yi zhang wrote:
> Hi:
> I get the following error msg , is this a bug?
>
> I do re-use the value for "desc" and "permissions", but the value for
> "targetgroup" is different, How come the "entry already exists"?
>
> [yi@dhcp-137 ipa-delegation]$ ipa permission-add --desc='Manage group
> members' --permissions=write --targetgroup=group11448 manage_grp_11448
> ipa: ERROR: This entry already exists
>
> [yi@dhcp-137 ipa-delegation]$ ipa permission-find manage
> ---------------------
> 5 permissions matched
> ---------------------
> Permission name: manage_host_keytab
> Description: Manage host keytab
> Permissions: write
> Attributes: krbprincipalkey, krblastpwdchange
> Type: host
> Granted to Privilege: hostadmin, enrollhost
>
> Permission name: manage_service_keytab
> Description: Manage service keytab
> Permissions: write
> Attributes: krbprincipalkey, krblastpwdchange
> Type: service
> Granted to Privilege: serviceadmin, admins
>
> Permission name: manage_group_members
> Description: Manage group members
> Permissions: write
> Attributes: member
> Type: group
>
> Permission name: manage_host_keytab
> Description: Manage host keytab
> Permissions: write
> Attributes: krbprincipalkey, krblastpwdchange
> Type: host
> Granted to Privilege: hostadmin, enrollhost
>
> Permission name: manage_service_keytab
> Description: Manage service keytab
> Permissions: write
> Attributes: krbprincipalkey, krblastpwdchange
> Type: service
> Granted to Privilege: serviceadmin, admins
> ----------------------------
> Number of entries returned 5
> ----------------------------
>
>
> Thanks!
>

Ok, I see. The problem is that the descriptions of permissions are in the same namespace, so two permissions with the different names can't use the same description. Probably a bug.

rob 


Version-Release number of selected component (if applicable): ipa-server-2.0-0.2011011115gitc778919.fc14.i686


How reproducible:


Steps to Reproduce:
1.ipa-delegation]$ ipa permission-add --desc='Manage group
members' --permissions=write --targetgroup=group11448 manage_grp_11448 
2.ipa-delegation]$ ipa permission-add --desc='Manage group
members' --permissions=write --targetgroup=ipausers manage_grp 

  
Actual results:
ipa: ERROR: This entry already exists

Expected results:
permission added into ipa

Additional info:

Comment 1 Dmitri Pal 2011-01-13 23:52:20 UTC

https://fedorahosted.org/freeipa/ticket/764

Comment 2 Martin Kosek 2011-01-27 12:28:13 UTC

Fixed in 65a146cdca7c62301b5be978027a44d880424529.

Note You need to log in before you can comment on or make changes to this bug.