[Freeipa-devel] Ticket #2866 - referential integrity in IPA
Rich Megginson
rmeggins at redhat.com
Mon Aug 27 17:41:53 UTC 2012
On 08/27/2012 10:39 AM, John Dennis wrote:
> Just out of curiosity, I saw something this weekend while testing and
> I'm wondering if it's expected behavior or if referential integrity
> would address it.
>
> I was able to add a non-existent user to a group. Shouldn't that have
> been an error? Do we check for that in the ldap pre callback? Do we
> intend for referential integrity to catch those sorts of things?
No, no, and no.
>
> Or do we allow non-existent users to be members of group for some reason?
>
Yes, but not for some reason, but because it is allowed by LDAP.
More information about the Freeipa-devel
mailing list