Bug 807755 - [ipa webui] When adding permissions for a type, attributes that are not allowed are listed
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Severity: unspecified
Assigned To: Rob Crittenden
Reported: 2012-03-28 11:41 EDT by Namita Soman
Modified: 2012-06-20 09:26 EDT (History)
Fixed In Version: ipa-2.2.0-9.el6
Doc Type: Bug Fix
Doc Text: No documentation needed.
Last Closed: 2012-06-20 09:26:03 EDT
Description Namita Soman 2012-03-28 11:41:01 EDT
Description of problem:
Add a permission, choose it to be of type - say User. Select all attributes, but when adding, it throws error - 
"attribute(s) "member,memberuid,owner" not allowed"

If these attributes cannot be chosen, then they should not be available in the list.

Same situation for Type - Host, Service where objectclass is not allowed.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. In IPA Server - Role Based Access Control - Permissions, click Add to add a new permission
2. Enter permission name, permissions, select Target to be Type, select Type to be User, either select all attributes, or for User - select member, memberuid, and owner

Actual results:
throws error - 
"attribute(s) "member,memberuid,owner" not allowed"

Expected results:
If these attributes are not allowed, should not be on list to choose from

Additional info:
Comment 2 Namita Soman 2012-03-28 12:10:25 EDT
Also - the attribute list is not the same always...or so it seems...
Now when I try to add Permission of Type User, member is not listed...good, but
another set of unavailable attributes are listed, and so got error:
attribute(s) "ipasshpubkey,krbmaxrenewableage,krbmaxticketlife,krbticketflags"
not allowed

Not sure of the series of steps I took to get this attribute list.
Comment 3 Martin Kosek 2012-03-29 04:54:52 EDT
Upstream ticket:
Comment 4 Namita Soman 2012-03-30 10:47:55 EDT
Add a permission as Type - User Group, and choose "description" as an attribute.
Edit this permission, and change Type to be - Service. Scroll to bottom of attributes, and description is listed and checked. But description is not a valid attribute for Service. So when 'Update' is clicked - throws error - attribute(s) "description" not allowed.

When Type is changed, attribute list should be refreshed and if still applicable should be chosen. And if Type is reverted back, previously chosen attributes should be back as chosen.
Comment 5 Petr Vobornik 2012-04-10 08:03:22 EDT
Original issue fixed upstream.

master: 31f156241959df107e361c2a8a81adc1cf6eb881

ipa-2-2: d5ae74e613ad61ea7898ce45f300c86bc38fcc86

For second one (Comment 4) can you please open new BZ so we can triage it.
Comment 6 Namita Soman 2012-04-10 08:32:03 EDT
Opened new bug 811207 for comment 4
Comment 9 Petr Vobornik 2012-04-26 09:40:00 EDT
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
No documentation needed.
Comment 10 Namita Soman 2012-05-03 09:57:49 EDT
verified using ipa-server-2.2.0-12.el6.x86_64

attributes are listed correctly for each type
Comment 12 errata-xmlrpc 2012-06-20 09:26:03 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

