[Freeipa-devel] User life cycle: question regarding the design
thierry bordaz
tbordaz at redhat.com
Mon May 26 08:12:38 UTC 2014
On 05/26/2014 07:49 AM, Martin Kosek wrote:
> On 05/23/2014 04:55 PM, Simo Sorce wrote:
>> On Fri, 2014-05-23 at 10:13 -0400, Rob Crittenden wrote:
>>> This, I believe, has already been covered, but I'm concerned with the
>>> (over)use of active/inactive in this discussion.
>>>
>>> I think use of "inactive" and "active" to describe users might be
>>> confusing since there is already an account enable/disable command.
>>> This
>>> on top of unlock, are there now 3 possible boolean states a user can
>>> be
>>> in? locked/unlocked, enabled/disabled, active/inactive, plus
>>> deleted/active and staged/active?
>>>
>> Agree, we should only have "ipa user-unstage <username>" and not call
>> this operations with words like active/inactive.
>>
>> User's in the staging area are not inactive, they are *not* users yet in
>> the first place.
>>
>> Simo.
>>
>
> Ok. Let us consolidate the decisions, I think we are now running in
> circles. Let me start from Petr3's API proposal which was a
> functionally complete proposal and start from there:
>
> On 05/22/2014 10:47 AM, Petr Viktorin wrote:
> > ...
> > My proposal would be that the move commands use the verb for the
> target and an
> > option for the source, and add/mod use an option for the container:
> >
> > 1) adding a new user
> > (to active) ipa user-add tuser ...
> > (to stage) ipa user-add tuser --staged ...
>
> Ok.
>
> > (to deleted) ipa user-add tuser --deleted ... (*)
>
> Not needed.
>
> > 2) moving to main
> > (from stage) ipa user-activate tuser (**)
> > (from del) ipa user-activate tuser --deleted
>
> We need both, alternative is Simo's proposal:
>
> ipa user-unstage
> ipa user-undelete
>
> I personally like unstage and undelete commands, I would go with those.
>
>
> > 3) moving to deleted
> > (from active) ipa user-del tuser
>
> Ok.
>
> > (from stage) ipa user-del tuser --staged
>
> IMO staged deleted users should not be moved to deleted container, but
> simply permanently deleted. As Simo noted, staged user are not real
> users, just incomplete users.
+1
>
> > 4) moving to stage
> > (from active) ipa user-stage tuser
> > (from del) ipa user-stage tuser --deleted
>
> None of the commands are needed for the basic workflow.
>
> > 5) modifying
> > (in active) ipa user-mod tuser ...
>
> Ok.
>
> > (in stage) ipa user-mod tuser --staged ...
>
> Simo did not like this command, I would personally add it. As long as
> we have "ipa user-add --staged", we should also have an option to
> delete and modify user in staged area.
>
> > (in del) ipa user-mod tuser --deleted ...
>
> Not needed.
When a user that left the organisation is coming back we will move his
entry 'delete' to 'active'. Now if the administrator wants the user to
come back but with some changes, he may need this option. For example if
by the time he left, the default homeDirectory changed the administrator
may want to update its value.
>
> Is this acceptable for everyone? If yes, the next step would be for
> Thierry to update the design page with new proposals.
>
> Martin
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
More information about the Freeipa-devel
mailing list