<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi,<br>
      <br>
      It worked like a charm.<br>
      I had a problem to commit it because of the VERSION stuff that
      changed.<br>
      <br>
      Except that (changing VERSION), the fix looks good to me<br>
      <br>
      thanks<br>
      thierry<br>
      On 08/18/2015 07:21 PM, Martin Basti wrote:<br>
    </div>
    <blockquote cite="mid:55D36984.4010203@redhat.com" type="cite">
      <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
      Thank you for the patch, I checked it, I just changed permission
      name to have all first letters in uppercase as others.<br>
      Updated merged patch attached.<br>
      <br>
      <div class="moz-cite-prefix">On 08/18/2015 05:34 PM, thierry
        bordaz wrote:<br>
      </div>
      <blockquote cite="mid:55D35097.6010902@redhat.com" type="cite">
        <meta content="text/html; charset=UTF-8"
          http-equiv="Content-Type">
        <div class="moz-cite-prefix">On 08/18/2015 04:13 PM, thierry
          bordaz wrote:<br>
        </div>
        <blockquote cite="mid:55D33D81.301@redhat.com" type="cite">
          <meta content="text/html; charset=UTF-8"
            http-equiv="Content-Type">
          <div class="moz-cite-prefix">On 08/18/2015 04:04 PM, Martin
            Basti wrote:<br>
          </div>
          <blockquote cite="mid:55D33B6D.7050701@redhat.com" type="cite">
            <meta content="text/html; charset=UTF-8"
              http-equiv="Content-Type">
            <br>
            <br>
            <div class="moz-cite-prefix">On 08/18/2015 03:49 PM, thierry
              bordaz wrote:<br>
            </div>
            <blockquote cite="mid:55D33804.6000201@redhat.com"
              type="cite">
              <meta content="text/html; charset=UTF-8"
                http-equiv="Content-Type">
              <div class="moz-cite-prefix">On 08/18/2015 03:06 PM,
                Martin Basti wrote:<br>
              </div>
              <blockquote cite="mid:55D32DD3.3050501@redhat.com"
                type="cite">
                <meta content="text/html; charset=UTF-8"
                  http-equiv="Content-Type">
                <br>
                <br>
                <div class="moz-cite-prefix">On 08/18/2015 11:32 AM,
                  thierry bordaz wrote:<br>
                </div>
                <blockquote cite="mid:55D2FBAC.2030801@redhat.com"
                  type="cite">
                  <meta content="text/html; charset=UTF-8"
                    http-equiv="Content-Type">
                  <div class="moz-cite-prefix">On 08/18/2015 10:02 AM,
                    Martin Basti wrote:<br>
                  </div>
                  <blockquote cite="mid:55D2E68F.7080601@redhat.com"
                    type="cite">
                    <meta content="text/html; charset=UTF-8"
                      http-equiv="Content-Type">
                    <br>
                    <br>
                    <div class="moz-cite-prefix">On 08/18/2015 09:59 AM,
                      thierry bordaz wrote:<br>
                    </div>
                    <blockquote cite="mid:55D2E5C9.7030703@redhat.com"
                      type="cite">
                      <meta content="text/html; charset=UTF-8"
                        http-equiv="Content-Type">
                      <div class="moz-cite-prefix">On 08/18/2015 09:55
                        AM, Martin Basti wrote:<br>
                      </div>
                      <blockquote cite="mid:55D2E4E0.6010005@redhat.com"
                        type="cite">
                        <meta content="text/html; charset=UTF-8"
                          http-equiv="Content-Type">
                        <br>
                        <br>
                        <div class="moz-cite-prefix">On 08/18/2015 09:50
                          AM, thierry bordaz wrote:<br>
                        </div>
                        <blockquote
                          cite="mid:55D2E3C1.2030404@redhat.com"
                          type="cite">
                          <meta content="text/html; charset=UTF-8"
                            http-equiv="Content-Type">
                          <div class="moz-cite-prefix">On 08/17/2015
                            08:33 PM, Martin Basti wrote:<br>
                          </div>
                          <blockquote
                            cite="mid:55D2290F.3030509@redhat.com"
                            type="cite">Hello, <br>
                            <br>
                            the 'user-stage' command replaces
                            'stageuser-add --from-delete' command. <br>
                            <a moz-do-not-send="true"
                              class="moz-txt-link-freetext"
                              href="https://fedorahosted.org/freeipa/ticket/5041">https://fedorahosted.org/freeipa/ticket/5041</a>
                            <br>
                            <br>
                            Thierry can you check If I don't break
                            everything, it works for me, but the one
                            never knows. <br>
                            <br>
                            Honza can you please check the framework
                            side? I use self.api.Object.stageuser.add.*
                            in user command, I'm not sure if this is
                            right way, but it works. <br>
                            <br>
                            Patch attached. I created it in hurry, I'm
                            expecting NACK :D <br>
                            <br>
                            <br>
                            Just question at the end: should I implement
                            way Active user -> stageuser? IMHO it
                            would be implemented internally by calling
                            'user-del --preserve' inside 'user-stage'. <br>
                            <br>
                            <br>
                            <br>
                          </blockquote>
                          <font face="Times New Roman, Times, serif">Hi
                            Martin,<br>
                            <br>
                            There is a small failure with VERSION
                            (edewata pushed his patch first ;-) )<br>
                            <br>
                          </font>
                          <blockquote><tt>git apply -v
                              /tmp/freeipa-mbasti-0297-Add-user-stage-command.patch</tt><br>
                            <tt>Checking patch API.txt...</tt><br>
                            <tt>Checking patch VERSION...</tt><br>
                            <tt>error: while searching for:</tt><br>
                            <tt>#                                                     







                              #</tt><br>
                            <tt>########################################################</tt><br>
                            <tt>IPA_API_VERSION_MAJOR=2</tt><br>
                            <tt>IPA_API_VERSION_MINOR=148</tt><br>
                            <tt># Last change: ftweedal - add --out
                              option to user-show</tt><br>
                            <br>
                            <tt>error: patch failed: VERSION:90</tt><br>
                            <tt>error: VERSION: patch does not apply</tt><br>
                            <tt>Checking patch
                              ipalib/plugins/stageuser.py...</tt><br>
                            <tt>Checking patch ipalib/plugins/user.py...</tt><br>
                          </blockquote>
                          <font face="Times New Roman, Times, serif"><br>
                          </font> </blockquote>
                        There is many pending patches that may change
                        VERSION number, I will change it to right one
                        before push.<br>
                        <br>
                        Does code looks good for you?<br>
                      </blockquote>
                      <font face="Times New Roman, Times, serif">Hi
                        Martin,<br>
                        <br>
                        Just a question, there is no additional
                        permission. Did you test being 'admin' ?<br>
                        <br>
                        thanks<br>
                        theirry<br>
                      </font> </blockquote>
                    No I didn't,.<br>
                    <br>
                    I preserver all permission, the original permissions
                    should work.<br>
                    <br>
                    Martin<br>
                  </blockquote>
                  <font face="Times New Roman, Times, serif">Hi Martin,<br>
                    <br>
                    Running a test script, I have an issue with<br>
                    <br>
                  </font>
                  <blockquote><tt>ipa stageuser-add --first=t --last=b
                      tb1</tt><br>
                    <tt>ipa: ERROR: an internal error has occurred</tt><br>
                    <br>
                    <br>
                    <tt>[Tue Aug 18 11:16:56.440658 2015] [wsgi:error]
                      [pid 10486] ipa: INFO: [jsonserver_kerb] <a
                        moz-do-not-send="true"
                        class="moz-txt-link-abbreviated"
                        href="mailto:stageadm@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM">stageadm@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM</a>:
                      stageuser_add(u'tb1', givenname=u't', sn=u'b',
                      cn=u't b', displayname=u't b', initials=u'tb',
                      gecos=u't b', krbprincipalname=u'<a
                        moz-do-not-send="true"
                        class="moz-txt-link-abbreviated"
                        href="mailto:tb1@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM">tb1@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM</a>',







                      random=False, all=False, raw=False,
                      version=u'2.149', no_members=False):
                      AttributeError</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198021 2015] [wsgi:error]
                      [pid 10485] ipa: ERROR: non-public:
                      AttributeError: 'DN' object has no attribute
                      'setdefault'</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198053 2015] [wsgi:error]
                      [pid 10485] Traceback (most recent call last):</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198058 2015] [wsgi:error]
                      [pid 10485]   File
                      "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py",
                      line 347, in wsgi_execute</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198062 2015] [wsgi:error]
                      [pid 10485]     result = self.Command[name](*args,
                      **options)</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198066 2015] [wsgi:error]
                      [pid 10485]   File
                      "/usr/lib/python2.7/site-packages/ipalib/frontend.py",
                      line 443, in __call__</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198070 2015] [wsgi:error]
                      [pid 10485]     ret = self.run(*args, **options)</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198081 2015] [wsgi:error]
                      [pid 10485]   File
                      "/usr/lib/python2.7/site-packages/ipalib/frontend.py",
                      line 760, in run</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198133 2015] [wsgi:error]
                      [pid 10485]     return self.execute(*args,
                      **options)</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198139 2015] [wsgi:error]
                      [pid 10485]   File
                      "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py",
                      line 1227, in execute</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198144 2015] [wsgi:error]
                      [pid 10485]     *keys, **options)</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198147 2015] [wsgi:error]
                      [pid 10485]   File
                      "/usr/lib/python2.7/site-packages/ipalib/plugins/stageuser.py",
                      line 373, in pre_callback</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198151 2015] [wsgi:error]
                      [pid 10485]     attrs_list, *keys, **options)</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198155 2015] [wsgi:error]
                      [pid 10485]   File
                      "/usr/lib/python2.7/site-packages/ipalib/plugins/stageuser.py",
                      line 277, in set_default_values_pre_callback</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198159 2015] [wsgi:error]
                      [pid 10485]    
                      entry_attrs.setdefault('description', [])</tt><br>
                    <tt>[Tue Aug 18 11:21:25.198163 2015] [wsgi:error]
                      [pid 10485] AttributeError: 'DN' object has no
                      attribute 'setdefault'</tt><br>
                    <tt>[Tue Aug 18 11:21:25.199276 2015] [wsgi:error]
                      [pid 10485] ipa: INFO: [jsonserver_session] <a
                        moz-do-not-send="true"
                        class="moz-txt-link-abbreviated"
                        href="mailto:stageadm@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM">stageadm@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM</a>:
                      stageuser_add(u'tb1', givenname=u't', sn=u'b',
                      cn=u't b', displayname=u't b', initials=u'tb',
                      gecos=u't b', krbprincipalname=u'<a
                        moz-do-not-send="true"
                        class="moz-txt-link-abbreviated"
                        href="mailto:tb1@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM">tb1@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM</a>',







                      random=False, all=False, raw=False,
                      version=u'2.149', no_members=False):
                      AttributeError</tt><br>
                  </blockquote>
                  <font face="Times New Roman, Times, serif"><br>
                    The new set_default_values_pre_callback, can not use
                    the set_default function. It is not clear why.
                    entry_attrs is one of pre_callback parameter.<br>
                    Should </font><font face="Times New Roman, Times,
                    serif">set_default_values_pre_callback be a
                    subfonction of pre_callback ?<br>
                    <br>
                    <br>
                    thanks<br>
                    thierry<br>
                  </font> </blockquote>
                <br>
                Thank you,<br>
                <br>
                updated patch attached.<br>
              </blockquote>
              <br>
              <font face="Times New Roman, Times, serif">So far, tests
                are ok.<br>
                Just one comment, the 'user-stage' command description
                is wrong, as it moves an active user into the staged
                area<br>
                <br>
              </font><tt>user-stage                             Move
                deleted user into staged area</tt><font face="Times New
                Roman, Times, serif"><br>
              </font> </blockquote>
            No, it's not doing that.<br>
            <br>
            user-stage is replacement of stageuser-add --from-delete, it
            doesn't work for active users.<br>
            The support to move active user to staged area is RFE, I did
            not implemented it yet, and I dont know if this will fit IPA
            4.2 timeframe<br>
          </blockquote>
          <font face="Times New Roman, Times, serif">Ok. thanks. <br>
            Sure user-stage (active->stage) will not fit into IPA 4.2
            timeframe.<br>
            <br>
            Running the tests being admin, there is no problem.<br>
            I have a permission issue, when running as 'Stage
            administrator'. The 'delete' entry being moved to 'stage'
            container, we need the a special permission for it.<br>
          </font></blockquote>
        <br>
        <font face="Times New Roman, Times, serif">Hello, <br>
          <br>
          I tested this new permission to  grant 'Stage user
          administrator' to do a 'user-stage'.<br>
          Is it ok to add it to your patch ?<br>
          <br>
          thanks<br>
          thierry<br>
        </font>
        <blockquote cite="mid:55D33D81.301@redhat.com" type="cite"><font
            face="Times New Roman, Times, serif"> <br>
          </font><tt>[root@vm-141 ~]# ipa user-del ttest1 --preserve</tt><tt><br>
          </tt><tt>---------------------</tt><tt><br>
          </tt><tt>Deleted user "ttest1"</tt><tt><br>
          </tt><tt>---------------------</tt><tt><br>
          </tt><tt><br>
          </tt><tt>[root@vm-141 ~]# ipa user-stage ttest1</tt><tt><br>
          </tt><tt>ipa: ERROR: Insufficient access: Insufficient 'moddn'
            privilege to move an entry to 'cn=staged
users,cn=accounts,cn=provisioning,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com'.</tt><tt><br>
            <br>
          </tt><tt>[root@vm-141 ~]# klist</tt><tt><br>
          </tt><tt>Ticket cache: KEYRING:persistent:0:krb_ccache_hw3P667</tt><tt><br>
          </tt><tt>Default principal: <a moz-do-not-send="true"
              class="moz-txt-link-abbreviated"
              href="mailto:stageadm@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM">stageadm@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM</a></tt><tt><br>
          </tt><tt><br>
          </tt><tt>Valid starting       Expires              Service
            principal</tt><tt><br>
          </tt><tt>08/18/2015 15:45:43  08/19/2015 15:45:42  <a
              moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:ldap/vm-141.abc.idm.lab.eng.brq.redhat.com@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM">ldap/vm-141.abc.idm.lab.eng.brq.redhat.com@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM</a></tt><tt><br>
          </tt><tt>08/18/2015 15:45:42  08/19/2015 15:45:42  <a
              moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:krbtgt/ABC.IDM.LAB.ENG.BRQ.REDHAT.COM@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM">krbtgt/ABC.IDM.LAB.ENG.BRQ.REDHAT.COM@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM</a></tt><tt><br>
          </tt><tt><br>
          </tt><tt>[root@vm-141 ~]# kinit admin</tt><tt><br>
          </tt><tt>Password for <a moz-do-not-send="true"
              class="moz-txt-link-abbreviated"
              href="mailto:admin@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM">admin@ABC.IDM.LAB.ENG.BRQ.REDHAT.COM</a>:
          </tt><tt><br>
          </tt><tt>[root@vm-141 ~]# ipa user-stage ttest1</tt><tt><br>
          </tt><tt>----------------------------</tt><tt><br>
          </tt><tt>Staged user account "ttest1"</tt><tt><br>
          </tt><tt>----------------------------</tt><tt><br>
          </tt><tt>[root@vm-141 ~]# ipa stageuser-find ttest1</tt><tt><br>
          </tt><tt>--------------</tt><tt><br>
          </tt><tt>1 user matched</tt><tt><br>
          </tt><tt>--------------</tt><tt><br>
          </tt><tt>  User login: ttest1</tt><tt><br>
          </tt><tt>  First name: t</tt><tt><br>
          </tt><tt>  Last name: test1</tt><tt><br>
          </tt><tt>  Home directory: /home/ttest1</tt><tt><br>
          </tt><tt>  Login shell: /bin/sh</tt><tt><br>
          </tt><tt>  Email address: <a moz-do-not-send="true"
              class="moz-txt-link-abbreviated"
              href="mailto:ttest1@abc.idm.lab.eng.brq.redhat.com">ttest1@abc.idm.lab.eng.brq.redhat.com</a></tt><tt><br>
          </tt><tt>  UID: 1814000011</tt><tt><br>
          </tt><tt>  GID: 1814000011</tt><tt><br>
          </tt><tt>  Password: False</tt><tt><br>
          </tt><tt>  Kerberos keys available: False</tt><tt><br>
          </tt><tt>----------------------------</tt><tt><br>
          </tt><tt>Number of entries returned 1</tt><tt><br>
          </tt><tt>----------------------------</tt><font face="Times
            New Roman, Times, serif"><br>
            <br>
            <br>
          </font> </blockquote>
        <br>
      </blockquote>
      <br>
    </blockquote>
    <br>
  </body>
</html>