[Freeipa-devel] [freeipa PR#444][comment] Allow nsaccountlock to be searched in user-find commands
MartinBasti
freeipa-github-notification at redhat.com
Tue Feb 14 17:32:10 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/444
Title: #444: Allow nsaccountlock to be searched in user-find commands
MartinBasti commented:
"""
I found "not-sure-if" bug, nsaccountlock is not always specified (admin has it and any user after user-enable, that's why I didn't catch it during testing of PR) in LDAP tree, so search `user-find --disabled=false` returns only admin adn user that were explicitly enabled.
IMHO this is unexpected behavior for users, however expected from IPA framework POW and LDAP POW.
What could we do to improve UX? Maybe on client side we should allow `--disabled` only as flag to prevent users to search in enabled users and get corrupted results.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/444#issuecomment-279776995
More information about the Freeipa-devel
mailing list