Philipp Takacs via FreeIPA-users wrote: > Hello > > I currently play a bit around with stage user. The plan is to allow > a specific group to create stage user and then let an admin activate > this user. I wanted to know if the UID is checked for dublicates > so I created a stage user with the same UID as mine. This creates > a stage user without an error or warning. > > Problem is now the user account with the same UID didn't work anymore. > This is a bit suprising. Because this way anyone who can create stage > users can practicaly disable active users. Is there some sort of > workaround for this other then only allow only admins to create stage > users?
This is working as designed. https://pagure.io/freeipa/issue/5186 There was a suggestion to add a flag to check for duplicates but was never completed. Those users delegated the power to add stage users will need to understand this implication. It will be logged when a stage user is added so you'll be able to trace back if someone adds a duplicate. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
