[Freeipa-devel] [PATCH] 0005 User life cycle: del/mod/find/show stageuser commands

thierry bordaz tbordaz at redhat.com
Tue Apr 28 14:40:14 UTC 2015 

On 04/28/2015 10:40 AM, David Kupka wrote:
> On 04/28/2015 10:28 AM, thierry bordaz wrote:
>> On 04/28/2015 10:23 AM, David Kupka wrote:
>>> On 04/16/2015 01:00 PM, thierry bordaz wrote:
>>>> Hello,
>>>>
>>>>     Here is the next patch for User life cycle that introduces
>>>>     del/mod/find and show stageuser plugin commands.
>>>>
>>>>   * 0000-User Life Cycle (create containers and scoping  DS plugins):
>>>>     *pushed*
>>>>   * 0001-User-Life-Cycle-Exclude-subtree-for-ipaUniqueID-gene.patch:
>>>>     *pushed*
>>>>   * 0002-User-life-cycle-stageuser-add-verb.patch: *pushed*
>>>>   * 0007-User-life-cycle-allows-MODRDN-from-ldap2.patch: *pushed*
>>>>   * 0003-User-life-cycle-new-stageuser-commands-del-mod-find-*under
>>>>     review *(this one)**
>>>>   * 0004-User-life-cycle-new-stageuser-commands-activate.patch
>>>>   * 0005-User-life-cycle-new-stageuser-commands-activate-prov.patch
>>>>   * 0006-User-life-cycle-user-del-supports-permanently-preser.patch
>>>>   * 0008-User-life-cycle-user-find-support-finding-delete-use.patch
>>>>   * 0009-User-life-cycle-support-of-user-undel.patch
>>>>   * 0010-User-life-cycle-DNA-DS-plugin-should-exclude-provisi.patch
>>>>   * 0011-User-life-cycle-lockout-provisioning-stage-and-delet.patch
>>>>   * 0012-User-life-cycle-Create-stage-Admin-provisioning-acco.patch
>>>>   * 0013-User-life-cycle-Stage-Admin-permission-priviledge.patch
>>>>
>>>> Thanks
>>>> thierry
>>>>
>>>>
>>>>
>>>>
>>> Hi Thierry,
>>> thanks for the patch, the code looks good to me but there is probably
>>> a bug in ACIs.
>>> After creating a stage user and setting password for him I can kinit
>>> as the stage user. I'm unable to login to the IPA client and id
>>> command for this stage user responds "no such user" but I can kinit
>>> and invoke ipa commands.
>>>
>>> Steps:
>>> 0. build freeipa with your patch
>>> 1. # ipa-server-install
>>> 2. $ kinit admin
>>> 3. $ ipa stageuser-add suser0 --first Stage --last User --password
>>> 4. $ kdestroy
>>> 5. $ kinit suser0
>>> 6. $ ipa user-find
>>>
>>> Actual:
>>> Prints out list of ipa users.
>>>
>>> Expected:
>>> kinit fails with "suser0 at ... not found in Kerberos database"
>>>
>> Hi David,
>>
>> Thank you so much for having looked at this patch :-)
>> You are right. The Staging users (as well as the Delete users) are not
>> lockout in that patch.
>> The patch
>> 0011-User-life-cycle-lockout-provisioning-stage-and-delet.patch will
>> take care of this.
>>
>> Do you prefer that I merged the two patches right now ?
>>
>> thanks
>> thierry
>>
>
> Hi Thierry,
> no, it is not necessary to merge the patches it's ok to have it 
> separated. I'm not sure if the patch should be pushed now or rather 
> wait and push it together with the others.
> I'm looking forward to next ULC patches from you.
>


Hi David,

Here are all the available patches.
I also attach a test script that is a kind of regression tests that I am 
using.

Thanks again
thierry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0014-User-life-cycle-Add-Stage-User-Provisioning-permissi.patch
Type: text/x-patch
Size: 5606 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0013-User-life-cycle-Stage-user-Administrators-permission.patch
Type: text/x-patch
Size: 28975 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0012-User-life-cycle-DNA-DS-plugin-should-exclude-provisi.patch
Type: text/x-patch
Size: 989 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0011-User-life-cycle-lockout-provisioning-stage-and-delet.patch
Type: text/x-patch
Size: 1951 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0010-User-life-cycle-support-of-user-undel.patch
Type: text/x-patch
Size: 3911 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0009-User-life-cycle-user-find-support-finding-delete-use.patch
Type: text/x-patch
Size: 4128 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0008-User-life-cycle-user-del-supports-permanently-preser.patch
Type: text/x-patch
Size: 9201 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0007-User-life-cycle-new-stageuser-commands-activate-prov.patch
Type: text/x-patch
Size: 6445 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0006-User-life-cycle-new-stageuser-commands-activate.patch
Type: text/x-patch
Size: 16827 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment-0008.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0005-User-life-cycle-new-stageuser-commands-del-mod-find-.patch
Type: text/x-patch
Size: 22058 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment-0009.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: demo_ulc.sh
Type: application/x-shellscript
Size: 7781 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150428/f8ab2358/attachment-0010.bin>

More information about the Freeipa-devel mailing list