URL: https://github.com/freeipa/freeipa/pull/444
Title: #444: Allow nsaccountlock to be searched in user-find commands

MartinBasti commented:
I found "not-sure-if" bug, nsaccountlock is not always specified (admin has it 
and any user after user-enable, that's why I didn't catch it during testing of 
PR) in LDAP tree, so search `user-find --disabled=false` returns only admin adn 
user that were explicitly enabled.

IMHO this is unexpected behavior for users, however expected from IPA framework 
What could we do to improve UX? Maybe on client side we should allow 
`--disabled` only as flag to prevent users to search in enabled users and get 
corrupted results.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to