[Freeipa-devel] [PATCH] 0005 User life cycle: del/mod/find/show stageuser commands
David Kupka
dkupka at redhat.com
Tue Apr 28 08:23:25 UTC 2015
On 04/16/2015 01:00 PM, thierry bordaz wrote:
> Hello,
>
> Here is the next patch for User life cycle that introduces
> del/mod/find and show stageuser plugin commands.
>
> * 0000-User Life Cycle (create containers and scoping DS plugins):
> *pushed*
> * 0001-User-Life-Cycle-Exclude-subtree-for-ipaUniqueID-gene.patch:
> *pushed*
> * 0002-User-life-cycle-stageuser-add-verb.patch: *pushed*
> * 0007-User-life-cycle-allows-MODRDN-from-ldap2.patch: *pushed*
> * 0003-User-life-cycle-new-stageuser-commands-del-mod-find-
> *under review* (this one)
> * 0004-User-life-cycle-new-stageuser-commands-activate.patch
> * 0005-User-life-cycle-new-stageuser-commands-activate-prov.patch
> * 0006-User-life-cycle-user-del-supports-permanently-preser.patch
> * 0008-User-life-cycle-user-find-support-finding-delete-use.patch
> * 0009-User-life-cycle-support-of-user-undel.patch
> * 0010-User-life-cycle-DNA-DS-plugin-should-exclude-provisi.patch
> * 0011-User-life-cycle-lockout-provisioning-stage-and-delet.patch
> * 0012-User-life-cycle-Create-stage-Admin-provisioning-acco.patch
> * 0013-User-life-cycle-Stage-Admin-permission-priviledge.patch
>
> Thanks
> thierry
>
Hi Thierry,
thanks for the patch, the code looks good to me, but there is probably a
bug in ACIs.
After creating a stage user and setting a password for him, I can kinit as
the stage user. I'm unable to log in to the IPA client, and the id command for
this stage user responds "no such user", but I can kinit and invoke ipa
commands.
Steps:
0. build freeipa with your patch
1. # ipa-server-install
2. $ kinit admin
3. $ ipa stageuser-add suser0 --first Stage --last User --password
4. $ kdestroy
5. $ kinit suser0
6. $ ipa user-find
Actual:
Prints out a list of IPA users.
Expected:
kinit fails with "suser0 at ... not found in Kerberos database"
--
David Kupka