[Freeipa-devel] Supported Staged entries
thierry bordaz
tbordaz at redhat.com
Tue May 27 09:14:52 UTC 2014
Hello,
Me again !!!
Thanks to all your input, the discussion about User_life_cycle
clarified a lot of the workflow/command verbs.
Now I have a doubt about what an entry in staging would be
(objectclass/attribute). Also I wonder if the ipa CLI (ipa user-add
--stage) would be the only supported way to create a stage entry.
An active entry looks like this (with krb* attributes if the
userpassword is defined):
dn: uid=tb17,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
displayName: tb15 tb15
cn: tb15 tb15
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
loginShell: /bin/sh
gecos: tb15 tb15
sn: tb15
homeDirectory: /home/tb17
uid: tb17
mail: tb17 at idm.lab.bos.redhat.com
krbPrincipalName: tb17 at IDM.LAB.BOS.REDHAT.COM
givenName: tb15
initials: tt
ipaUniqueID: 3f1b5cce-e1b8-11e3-86fe-001a4a104ecd
uidNumber: 646400009
gidNumber: 646400009
mepManagedEntry: cn=tb17,cn=groups,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
nsAccountLock: False
A staged entry created by 'ipa user-add --stage' may look like the
following. This kind of entry is easy to activate with 'ipa user-unstage':
dn: uid=tb20,cn=staged users,cn=accounts,cn=provisioning,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
displayName: tb20 tb20
cn: tb20 tb20
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
loginShell: /bin/sh
uidNumber: -1
ipaUniqueID: autogenerate
gidNumber: -1
gecos: tb20 tb20
sn: tb20
homeDirectory: /home/tb20
uid: tb20
mail: tb20 at idm.lab.bos.redhat.com
krbPrincipalName: tb20 at IDM.LAB.BOS.REDHAT.COM
givenName: tb20
initials: tt
nsAccountLock: True
Now, are we going to support the following entries for 'ipa user-unstage'?
dn: cn=tb20,cn=staged users,cn=accounts,cn=provisioning,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
objectClass: top
objectClass: person
sn: tb20
cn: tb20
nsAccountLock: True
or
dn: uid=tb20,cn=staged users,cn=accounts,cn=provisioning,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
sn: tb20
cn: tb20 tb20
uid: tb20
uidNumber: -1
gidNumber: -1
homeDirectory: /home/tb20
nsAccountLock: True
thanks
thierry
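
Added example (not part of the original message and not FreeIPA code): a Python comparison of the two minimal staged entries above against the object classes of the active entry, reporting the RDN attribute, the object classes each candidate lacks, and which placeholder values it carries. ACTIVE_OC, PLACEHOLDERS, BASE, parse_ldif and gaps are names chosen for this example; the entries are copied from the message with the wrapped DNs joined.

```python
# Added example, not FreeIPA code; all names here are illustrative assumptions.
# Object classes of the active entry quoted in the message (lowercased).
ACTIVE_OC = set("top person organizationalperson inetorgperson inetuser "
                "posixaccount krbprincipalaux krbticketpolicyaux ipaobject "
                "ipasshuser ipasshgroupofpubkeys meporiginentry".split())
# Placeholder values the message shows in the staged entry from 'user-add --stage'.
PLACEHOLDERS = {"uidnumber": "-1", "gidnumber": "-1", "ipauniqueid": "autogenerate"}
BASE = "cn=staged users,cn=accounts,cn=provisioning,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com"
# The two minimal candidates from the message.
STAGED = f"""\
dn: cn=tb20,{BASE}
objectClass: top
objectClass: person
sn: tb20
cn: tb20
nsAccountLock: True

dn: uid=tb20,{BASE}
objectClass: top
objectClass: person
objectClass: posixAccount
sn: tb20
cn: tb20 tb20
uid: tb20
uidNumber: -1
gidNumber: -1
homeDirectory: /home/tb20
nsAccountLock: True
"""

def parse_ldif(text):
    """Yield one {attr: [values]} dict per blank-line-separated entry."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuation lines
            attr, _, value = line.partition(":")  # base64 ('::') values not handled
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        yield entry

def gaps(entry):
    """Report what a staged entry lacks relative to the active entry's shape."""
    have = {oc.lower() for oc in entry.get("objectclass", [])}
    return {"rdn": entry["dn"][0].split("=", 1)[0].lower(),
            "missing_objectclasses": sorted(ACTIVE_OC - have),
            "placeholders": sorted(a for a, v in PLACEHOLDERS.items() if entry.get(a) == [v]),
            "locked": entry.get("nsaccountlock") == ["True"]}

REPORTS = [gaps(e) for e in parse_ldif(STAGED)]
print(*REPORTS, sep="\n")
```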