On 04/16/2014 03:41 PM, Simo Sorce wrote: > On Wed, 2014-04-16 at 15:08 +0200, Martin Kosek wrote: >> On 04/15/2014 04:55 PM, Petr Viktorin wrote: ... >>> [mepOriginEntry] >>> mepManagedEntry >> >> This is used to bind user to it's private group. We use it for example in >> group-detach command to distinguish between managed and non-managed groups. >> >> We may want to show it to all authenticated users. > > Do we need to ? > It is only interesting for internal/administrative operations.
After reading the code closely, I see we mostly decide whether an object is managed or not by present of the mepManagedEntry _objetclass_. Reading attribute may not be required if we do not want to display it. We just need to allow it for people operating group-detach command is it writes to it. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel