[Freeipa-devel] Stageuser API

David Kupka dkupka at redhat.com
Mon Jan 16 14:52:28 UTC 2017


Hello everyone!

I've noticed that our API for stageuser is missing some commands that 
user has (stageuser-{add,remove}-{principal,cert}). I was wondering if 
there is a reason for it but after asking some fellow developers it seems 
that there's none.

I understand the stageuser area as a place where a user entry can be 
created and amended during the hiring process in an organization, for example:

1. HR creates the entry with just basic information (givenname, 
surname, manager)
2. IT assigns basic account information (uid, gid)
3. based on to-be-employee manager's request IT adds additional group 
membership (memberOf)
4. based on to-be-employee request IT adds login alias (krbPrincipalName)
5. Security Officer adds certificate from Smart Card assigned to the 
to-be-employee
6. HR adds extra information to the account (address, marital status, ...)
7. Facilities update work place related information (seat number, phone 
number, ...)
8. On the first day IT activates the user account.

Considering this work flow I think it might be useful to have the same 
API for stageuser as for the user.

Does the example work flow make sense?
Should we provide the same set of commands for user and stageuser?

Thanks for your ideas and opinions!
-- 
David Kupka
