New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
updates: fix memberManager ACI to allow managers from a specified group #6565
Conversation
The original implementation of the member manager added support for both user and group managers but left out upgrade scenario. This means when upgrading existing installation a manager whose rights defined by the group membership would not be able to add group members until the ACI is fixed. Remove old ACI and add a full one during upgrade step. Fixes: https://pagure.io/freeipa/issue/9286 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Upgrade test is an example how the ACI change applied:
When old ACI is not present, it is properly noted and the removal is skipped:
|
7e4a134
to
00c925c
Compare
Added a ticket https://pagure.io/freeipa/issue/9286 and updated commit message to reference it. This is ready for review. |
Hi @abbra Tested using the following scenario:
As idmuser, try to add a user to the group Upgrade with ipa-server-upgrade, retry the operation. The operation now succeeds. |
master:
|
The original implementation of the member manager added support for both user and group managers but left out upgrade scenario. This means when upgrading existing installation a manager whose rights defined by the group membership would not be able to add group members until the ACI is fixed.
Signed-off-by: Alexander Bokovoy abokovoy@redhat.com