On 04/28/2015 10:23 AM, David Kupka wrote:
On 04/16/2015 01:00 PM, thierry bordaz wrote:
Here is the next patch for User life cycle that introduces
del/mod/find and show stageuser plugin commands.
* 0000-User Life Cycle (create containers and scoping DS plugins):
* 0002-User-life-cycle-stageuser-add-verb.patch: *pushed*
* 0007-User-life-cycle-allows-MODRDN-from-ldap2.patch: *pushed*
review *(this one)**
thanks for the patch, the code looks good to me but there is probably
a bug in ACIs.
After creating a stage user and setting password for him I can kinit
as the stage user. I'm unable to login to the IPA client and id
command for this stage user responds "no such user" but I can kinit
and invoke ipa commands.
0. build freeipa with your patch
1. # ipa-server-install
2. $ kinit admin
3. $ ipa stageuser-add suser0 --first Stage --last User --password
4. $ kdestroy
5. $ kinit suser0
6. $ ipa user-find
Prints out list of ipa users.
kinit fails with "suser0@... not found in Kerberos database"
Thank you so much for having looked at this patch :-)
You are right. The Staging users (as well as the Delete users) are not
lockout in that patch.
take care of this.
Do you prefer that I merged the two patches right now ?
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code