Hide Forgot
Description of problem: Add a permission, choose it to be of type - say User. Select all attributes, but when adding, it throws error - "attribute(s) "member,memberuid,owner" not allowed" If these attributes cannot be chosen, then they should not be available in the list. Same situation for Type - Host, Service where objectclass is not allowed. Version-Release number of selected component (if applicable): ipa-server-2.2.0-5.el6.x86_64 How reproducible: always Steps to Reproduce: 1. In IPA Server - Role Based Access Control - Permissions, click Add to add a new permission 2. Enter permission name, permissions, select Target to be Type, select Type to be User, either selct all attributes, or for User - select member, memberuid, and owner Actual results: throws error - "attribute(s) "member,memberuid,owner" not allowed" Expected results: If these attributes are not allowed, should not be on list to choose from Additional info:
Also - the attribute list is not the same always...or so it seems... Now when I try to add Permission of Type User, member is not listed...good, but another set on unavailable attributes are listed, and so got error: attribute(s) "ipasshpubkey,krbmaxrenewableage,krbmaxticketlife,krbticketflags" not allowed Not sure of the series of steps I took to get this attribute list.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2590
Also..... Add a permission as Type - User Group, and choose "description" as an attribute. Edit this permission, and change Type to be - Service. Scroll to bottomw of attributes, and description is listed and checked. But description is not a valid attribute for Service. So when 'Update' is clicked - throws error - attribute(s) "description" not allowed. Expected: When Type is changed, attribute list should be refreshed and if still applicable should be chosen. And if Type is reverted back, previously chosen attributes should be back as chosen.
Original issue fixed upstream. master: 31f156241959df107e361c2a8a81adc1cf6eb881 ipa-2-2: d5ae74e613ad61ea7898ce45f300c86bc38fcc86 For second one (Comment 4) can you please open new BZ so we can triage it.
Opened new bug 811207 for comment 4
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
verified using ipa-server-2.2.0-12.el6.x86_64 attributes are listed correctly for each type
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html