[Freeipa-devel] [PATCH] 0003-2 User life cycle: new stageuser plugin with add verb

thierry bordaz tbordaz at redhat.com
Tue Feb 3 10:43:23 UTC 2015 

On 09/17/2014 12:32 PM, thierry bordaz wrote:
> On 09/01/2014 01:08 PM, Petr Viktorin wrote:
>> On 08/08/2014 03:54 PM, thierry bordaz wrote:
>>> Hi,
>>>
>>> The attached patch is related to 'User Life Cycle'
>>> (https://fedorahosted.org/freeipa/ticket/3813)
>>>
>>> It creates a stageuser plugin with a first function stageuser-add. 
>>> Stage
>>> user entries are provisioned under 'cn=staged
>>> users,cn=accounts,cn=provisioning,SUFFIX'.
>>>
>>> Thanks
>>> thierry
>>
>> Avoid `from ipalib.plugins.baseldap import *` in new code; instead 
>> import the module itself and use e.g. `baseldap.LDAPObject`.
>>
>> The stageuser help (docstring) is copied from the user plugin, and 
>> discusses things like account lockout and disabling users. It should 
>> rather explain what stageuser itself does. (And I don't very much 
>> like the Note about the interface being badly designed...)
>> Also decide if the docs should call it "staged user" or "stage user" 
>> or "stageuser".
>>
>> A lot of the code is copied and pasted over from the users plugin. 
>> Don't do that. Either import things (e.g. validate_nsaccountlock) 
>> from the users plugin, or move the reused code into a shared module.
>>
>> For the `user` object, since so much is the same, it might be best to 
>> create a common base class for user and stageuser; and similarly for 
>> the Command plugins.
>>
>> The default permissions need different names, and you don't need 
>> another copy of the 'non_object' ones. Also, run the makeaci script.
>>
> Hello,
>
>     This modified patch is mainly moving common base class into a new
>     plugin: accounts.py. user/stageuser plugin inherits from accounts.
>     It also creates a better description of what are stage user, how
>     to add a new stage user, updates ACI.txt and separate active/stage
>     user managed permissions.
>
> thanks
> thierry
>
>
>
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

Modified patches with David inputs.. thanks for the reviews



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150203/9d0ee311/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0002-User-Life-Cycle-Exclude-tree-ipaUniqueID-generation.patch
Type: text/x-patch
Size: 2556 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150203/9d0ee311/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0003-3-User-life-cycle-stageuser-add-verb.patch
Type: text/x-patch
Size: 88905 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150203/9d0ee311/attachment-0001.bin>

More information about the Freeipa-devel mailing list