On 08/20/2014 03:48 PM, Nathaniel McCallum wrote:
On Wed, 2014-08-20 at 14:35 +0200, thierry bordaz wrote:
On 08/19/2014 10:46 PM, Nathaniel McCallum wrote:

Also, remove the attempt to load the objectClasses when absent. This
never makes sense during an add operation.

https://fedorahosted.org/freeipa/ticket/4455


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Hello Nathaniel,

         Reading the patch I have one novice remark. In the previous
         code, 'objectclass' was added to 'entry_attr' in the case it
         was missing in 'entry_attr' (on the condition that
         'ipatokenradiusconfiglink' was defined). In the new code, if
         'objectclass' is missing it is not added. Is it OK?
I don't think objectClass is ever missing. It must be specified in an
add operation. Attempting to load the attribute doesn't make sense when
you are adding the object.
Yes I agree.

         Also, regarding the 'user life cycle'. Staging users are
         candidates to become Active users. I wonder if Staging users
         should also contain your fix that adds the
         ipaUserAuthTypeClass.
What code is this in?
Well, it is not yet in master. The stageuser plugin is still under review (the design is at http://www.freeipa.org/page/V3/User_Life-Cycle_Management).

Now parts of the stageuser_add code are close to user_add. When a stage user is activated (the stage user entry is moved to the Active container), it becomes a full IPA user. This is why, if an IPA user needs to be 'ipauserauthtypeclass', it impacts stage users. Either stageuser_add does the same as user_add, or stageuser_activate checks the need for 'ipauserauthtypeclass'.

thanks
thierry

Nathaniel

