Hello everyone!

I've noticed that our API for stageuser is missing some commands that user has (stageuser-{add,remove}-{principal,cert}). I was wondering if there is reason for it but after asking some fellows developers it seems that there's none.


I understand the stageuser area as a place where user entry can be created and amended during the hiring process in organization, example:

1. HR creates the entry with just basic informations (givenname, surname, manager)
2. IT assigns basic account information (uid, gid)
3. based on to-be-employee manager's request IT adds additional group membership (memberOf)
4. based on to-be-employee request IT adds login alias (krbPrincipalName)
5. Security Officer adds certificate from Smart Card assigned to the to-be-employee
6. HR adds extra information to the account (address, marital status, ...)
7. Facilities update work place related information (seat number, phone number, ...)
8. At the first day IT activates the user account.

Considering this work flow I think it might be useful to have the same API for stageuser as for the user.

Does the example work flow make sense?
Should we provide the same set of commands for user and stageuser?

Thanks for your ideas and opinions!
--
David Kupka

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to