On 04/16/2014 03:41 PM, Simo Sorce wrote:
> On Wed, 2014-04-16 at 15:08 +0200, Martin Kosek wrote:
>> On 04/15/2014 04:55 PM, Petr Viktorin wrote:
>> This is used to bind user to it's private group. We use it for example in
>> group-detach command to distinguish between managed and non-managed groups.
>> We may want to show it to all authenticated users.
> Do we need to ?
> It is only interesting for internal/administrative operations.
After reading the code closely, I see we mostly decide whether an object is
managed or not by present of the mepManagedEntry _objetclass_. Reading
attribute may not be required if we do not want to display it.
We just need to allow it for people operating group-detach command is it writes
Freeipa-devel mailing list