freeipa / freeipa-community-portal

[ABANDONED] FreeIPA Community Portal extension
GNU General Public License v3.0

create-portal-user: cannot add "System: Read User Addressbook" privilege #22

Open frasertweedale opened 8 years ago

frasertweedale commented 8 years ago
[f22-6:~/dev/freeipa] [ master ] ftweedal% create-portal-user  
---------------------------------------------
Added privilege "Portal management privilege"
---------------------------------------------
  Privilege name: Portal management privilege
  Description: Portal privileges
ipa: ERROR: invalid 'permission': cannot add permission "System: Read User Addressbook Attributes" with bindtype "all" to a privilege
------------------------------
Added role "Portal management"
------------------------------
  Role name: Portal management
  Description: self-service portals
  Role name: Portal management
  Description: self-service portals
  Privileges: Portal management privilege
----------------------------
Number of privileges added 1
----------------------------
-------------------
Added user "portal"
-------------------
  User login: portal
  First name: Self
  Last name: Service
  Full name: Self Service
  Display name: Self Service
  Initials: SS
  Home directory: /home/portal
  GECOS: Self Service
  Login shell: /bin/sh
  Kerberos principal: portal@IPA.LOCAL
  Email address: portal@ipa.local
  UID: 729600012
  GID: 729600012
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
  Role name: Portal management
  Description: self-service portals
  Member users: portal
  Privileges: Portal management privilege
-------------------------
Number of members added 1
-------------------------
frasertweedale commented 8 years ago

More info: attempting to add the permission gives the error:

invalid 'permission': cannot add permission "System: Read User Standard Attributes" with bindtype "anonymous" to a privilege

Likewise for the "Read User Addressbook" permission, which is not an "anonymous" but an "all" privilege.

IMO, we should add the permissions one-by-one and ignore cases where a permission cannot be added to the privilege with an error like this.

tiran commented 8 years ago

The problem has been addressed by PR #28. The new script prints a warning.
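The approach proposed above (add each permission separately, warn and continue when the server rejects one instead of aborting the whole run) as an added, runnable example. This is not the project's `create-portal-user` script. The FreeIPA server is replaced by a constructed stand-in, `fake_add_permission()`, driven by a constructed bindtype table, so the file runs offline; with the real API the call would be `api.Command.privilege_add_permission(...)` and the exception `ipalib.errors.ValidationError` (both are assumptions about ipalib named here, not exercised by the code). The error text is rebuilt from the message quoted in the issue.

```python
"""Attach permissions to a FreeIPA privilege one at a time, logging a warning
instead of aborting when a permission cannot be bound to a privilege.

Added example; not the project's create-portal-user script. The server is
modelled by fake_add_permission() so everything here runs offline.
"""
import logging
from typing import Callable, Iterable, List, Tuple

log = logging.getLogger("create-portal-user")


class PermissionBindError(Exception):
    """Stand-in for the server-side validation error shown in the issue
    (assumption: ipalib raises ipalib.errors.ValidationError for it)."""


def bind_error_message(permission: str, bindtype: str) -> str:
    """Rebuild the wording of the 'ipa: ERROR' line quoted in the issue."""
    return ('invalid \'permission\': cannot add permission "%s" with bindtype '
            '"%s" to a privilege' % (permission, bindtype))


# Constructed table of bindtypes. Only entries with bindtype "permission" can be
# attached to a privilege; "all" and "anonymous" are the two cases the issue
# reports. The last two names are assumed to carry the default bindtype.
CONSTRUCTED_BINDTYPES = {
    "System: Read User Standard Attributes": "anonymous",
    "System: Read User Addressbook Attributes": "all",
    "System: Add Users": "permission",
    "System: Change User password": "permission",
}


def fake_add_permission(privilege: str, permission: str) -> None:
    """Constructed stand-in for api.Command.privilege_add_permission (assumed
    ipalib call, not used here): reject anything not bound to a privilege."""
    bindtype = CONSTRUCTED_BINDTYPES.get(permission, "permission")
    if bindtype != "permission":
        raise PermissionBindError(bind_error_message(permission, bindtype))


def add_permissions_one_by_one(
    privilege: str,
    permissions: Iterable[str],
    add_permission: Callable[[str, str], None],
) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Attach each permission separately so one rejected permission does not
    stop the rest. Returns (added, skipped); each skipped entry pairs the
    permission with the server's reason so the operator can review it."""
    added: List[str] = []
    skipped: List[Tuple[str, str]] = []
    for perm in permissions:
        try:
            add_permission(privilege, perm)
        except PermissionBindError as exc:
            # Warn rather than abort: the privilege, role and user are still
            # created, and the operator sees exactly what was left out.
            log.warning("skipping permission %r for privilege %r: %s",
                        perm, privilege, exc)
            skipped.append((perm, str(exc)))
        else:
            added.append(perm)
    return added, skipped


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING,
                        format="%(levelname)s: %(message)s")
    added, skipped = add_permissions_one_by_one(
        "Portal management privilege",
        list(CONSTRUCTED_BINDTYPES),
        fake_add_permission,
    )
    print("added:", added)
    print("skipped:", [p for p, _ in skipped])
```

Returning the skipped list, not just logging it, lets a wrapper script fail the run later if a permission the portal actually needs was among the rejected ones, rather than silently ending up with an under-privileged service account.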