On 05/23/2014 04:55 PM, Simo Sorce wrote:
On Fri, 2014-05-23 at 10:13 -0400, Rob Crittenden wrote:
This, I believe, has already been covered, but I'm concerned with the
(over)use of active/inactive in this discussion.
I think use of "inactive" and "active" to describe users might be
confusing since there is already an account enable/disable command.
on top of unlock, are there now 3 possible boolean states a user can
in? locked/unlocked, enabled/disabled, active/inactive, plus
deleted/active and staged/active?
Agree, we should only have "ipa user-unstage <username>" and not call
this operations with words like active/inactive.
User's in the staging area are not inactive, they are *not* users yet in
the first place.
Ok. Let us consolidate the decisions, I think we are now running in circles.
Let me start from Petr3's API proposal which was a functionally complete
proposal and start from there:
On 05/22/2014 10:47 AM, Petr Viktorin wrote:
> My proposal would be that the move commands use the verb for the target and an
> option for the source, and add/mod use an option for the container:
> 1) adding a new user
> (to active) ipa user-add tuser ...
> (to stage) ipa user-add tuser --staged ...
> (to deleted) ipa user-add tuser --deleted ... (*)
> 2) moving to main
> (from stage) ipa user-activate tuser (**)
> (from del) ipa user-activate tuser --deleted
We need both, alternative is Simo's proposal:
I personally like unstage and undelete commands, I would go with those.
> 3) moving to deleted
> (from active) ipa user-del tuser
> (from stage) ipa user-del tuser --staged
IMO staged deleted users should not be moved to deleted container, but simply
permanently deleted. As Simo noted, staged user are not real users, just
> 4) moving to stage
> (from active) ipa user-stage tuser
> (from del) ipa user-stage tuser --deleted
None of the commands are needed for the basic workflow.
> 5) modifying
> (in active) ipa user-mod tuser ...
> (in stage) ipa user-mod tuser --staged ...
Simo did not like this command, I would personally add it. As long as we have
"ipa user-add --staged", we should also have an option to delete and modify
user in staged area.
> (in del) ipa user-mod tuser --deleted ...
Is this acceptable for everyone? If yes, the next step would be for Thierry to
update the design page with new proposals.
Freeipa-devel mailing list