On Mon, 26 May 2014, Martin Kosek wrote:
On 05/26/2014 09:33 AM, Jan Cholasta wrote:
On 26.5.2014 07:49, Martin Kosek wrote:
> 5) modifying
> (in active) ipa user-mod tuser ...
> (in stage) ipa user-mod tuser --staged ...
Simo did not like this command, I would personally add it. As long as we
have "ipa user-add --staged", we should also have an option to delete
and modify user in staged area.
> (in del) ipa user-mod tuser --deleted ...
Is this acceptable for everyone? If yes, the next step would be for
Thierry to update the design page with new proposals.
Are users in different containers using the same uid allowed?
Say you had a John Doe (uid jdoe) working in a company couple years ago. jdoe
left and is now in deleted accounts tree. Jane Doe joins the company now and
question is - do we want to allow Jane taking the same uid as John had? I am
thinking we should not allow that. Maybe we should allow override with --force
or having a global option.
This is pretty much a company policy thing. Not everyone will even want
to have this workflow implemented and even if they would, a policy to
keep the same uid (as opposed to uidNumber) is a separate one.
Thus, I'd rather have it optional with --force or get uid transformed to
uid=deleted+jdoe,cn=users... and given a way to handle conflicts when
getting deleted uids resurrected.
/ Alexander Bokovoy
Freeipa-devel mailing list