[2024-07-22 08:58] Rob Crittenden via FreeIPA-users <[email protected]>
> Philipp Takacs via FreeIPA-users wrote:
> > Hello
> >
> > I am currently playing around a bit with stage users. The plan is to allow
> > a specific group to create stage users and then let an admin activate
> > these users. I wanted to know if the UID is checked for duplicates,
> > so I created a stage user with the same UID as mine. This creates
> > a stage user without an error or warning.
> >
> > The problem now is that the user account with the same UID didn't work anymore.
> > This is a bit surprising, because this way anyone who can create stage
> > users can practically disable active users. Is there some sort of
> > workaround for this other than allowing only admins to create stage
> > users?
>
> This is working as designed. https://pagure.io/freeipa/issue/5186

I have seen this ticket; that's why I tested whether this is still the case. Not having a duplicate check is more or less OK, because this will fail on activating the account.

> There was a suggestion to add a flag to check for duplicates but was
> never completed.
>
> Those users delegated the power to add stage users will need to
> understand this implication. It will be logged when a stage user is
> added so you'll be able to trace back if someone adds a duplicate.

What bugs me is that creating a staged user will practically disable an active user. This makes the stage user feature very fragile. I also don't understand why this is the case, because the staged user is in a different LDAP subtree. Why should any system check this subtree to authenticate or authorize a user?

Philipp
