On 11/05/2014 05:22 PM, Rob Verduijn wrote:
I saw in the upstream foreman-prepare-realm script that the new
permission names should include a prefix "System: "
That Prefix is not there, what did change was that some permissions
where no longer lower case only.
ie in 3.3.5 the permission is 'write dns configuration' and in 4.1 it
becomes 'Write DNS Configuration'
Rob
Right. There were some changes to IPA's default policy too, but I don't
think it should affect the Foreman proxy very much. For example there
are now permissions for reading data, but most are granted to all
authenticated users by default.
I've left some comments in the pull request.
2014-11-05 16:25 GMT+01:00 Petr Spacek <[email protected]
<mailto:[email protected]>>:
On 5.11.2014 16:20, Rob Verduijn wrote:
Hello,
Yes I noticed the name change it took me a while to realise it
was a known
ruby bug in katello that caused the real problem.
I also checked after I updated the 'katello integrated' update
from 3.3.5
to 4.1 and the permissions were neatly renamed to their new
counterparts.
However the internal dns no longer worked :(
So the permissions broke after upgrade to 4.1, right? pviktori, can
you give us some advice?
Thanks!
Petr^2 Spacek
Rob
2014-11-05 16:17 GMT+01:00 Stephen Benjamin <[email protected]
<mailto:[email protected]>>:
On Wed, Nov 05, 2014 at 09:41:59AM -0500, Rob Crittenden wrote:
Also when I look at the permissions in ipa there
are no longer any
permissions that have the 'System: ' prefix.
AFAIK the foreman proxy is not necessary (and not
supported) with IPA
4.x because it was obsoleted by 'native' proxy
delivered by Foreman
upstream.
Am I right, Rob (Crittenden)? :-)
I believe he's referring to the native smart proxy here.
It includes a
script to setup permissions. I guess it hasn't been
tested against a 4.x
IPA master.
The permissions have changed names in FreeIPA 4.0, which
means the
script won't work. I've tested this one against 4.1 on F21
and it
works:
https://raw.githubusercontent.__com/stbenjam/smart-proxy/8278/__sbin/foreman-prepare-realm
<https://raw.githubusercontent.com/stbenjam/smart-proxy/8278/sbin/foreman-prepare-realm>
There's an open pull request against foreman's Smart Proxy
to include
that in the next release:
https://github.com/theforeman/__smart-proxy/pull/231--
<https://github.com/theforeman/smart-proxy/pull/231-->
--
PetrĀ³
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
