[Freeipa-devel] inactivating yourself
David O'Brien
david.obrien at redhat.com
Mon Dec 3 08:41:57 UTC 2007
Rob Crittenden wrote:
> Came across and intriguing problem when working on group inactivation.
>
> With group inactivation you pick a group, select inactive and update it.
> This causes all group members, including recursively all groups, to be
> marked inactive.
>
> So what should we do if the current user happens to be a member of that
> group (or subgroup)?
>
> What currently happens is IPA throws up because once the user is
> inactivated their credentials are no longer accepted by FDS.
>
> So should we:
>
> 1. Let things go ahead and blow up (i.e. change nothing)
> 2. Do not let them deactivate anything they are a part of
> 3. Do all the deactivation except for their record
> 4. Something else
>
> Ideas?
>
> I'm leaning towards #2 myself.
>
> rob
>
did you get an answer to this?
--
David O'Brien <mailto:daobrien at redhat.com>
RHCT
PGP-KeyID: 0x443CBA7B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071203/64d7b3f0/attachment.sig>
More information about the Freeipa-devel
mailing list