On 04/28/2015 10:28 AM, thierry bordaz wrote:
On 04/28/2015 10:23 AM, David Kupka wrote:
On 04/16/2015 01:00 PM, thierry bordaz wrote:
Here is the next patch for User life cycle that introduces
del/mod/find and show stageuser plugin commands.
* 0000-User Life Cycle (create containers and scoping DS plugins):
* 0002-User-life-cycle-stageuser-add-verb.patch: *pushed*
* 0007-User-life-cycle-allows-MODRDN-from-ldap2.patch: *pushed*
review *(this one)**
thanks for the patch, the code looks good to me but there is probably
a bug in ACIs.
After creating a stage user and setting password for him I can kinit
as the stage user. I'm unable to login to the IPA client and id
command for this stage user responds "no such user" but I can kinit
and invoke ipa commands.
0. build freeipa with your patch
1. # ipa-server-install
2. $ kinit admin
3. $ ipa stageuser-add suser0 --first Stage --last User --password
4. $ kdestroy
5. $ kinit suser0
6. $ ipa user-find
Prints out list of ipa users.
kinit fails with "suser0@... not found in Kerberos database"
Thank you so much for having looked at this patch :-)
You are right. The Staging users (as well as the Delete users) are not
lockout in that patch.
take care of this.
Do you prefer that I merged the two patches right now ?
no, it is not necessary to merge the patches it's ok to have it
separated. I'm not sure if the patch should be pushed now or rather wait
and push it together with the others.
I'm looking forward to next ULC patches from you.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code