<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/19/2014 04:22 PM, Jan Cholasta
wrote:<br>
</div>
<blockquote cite="mid:537A1389.6050408@redhat.com" type="cite">On
19.5.2014 16:03, thierry bordaz wrote:
<br>
<blockquote type="cite">On 05/19/2014 03:54 PM, Jan Cholasta
wrote:
<br>
<blockquote type="cite">On 19.5.2014 15:19, Petr Viktorin wrote:
<br>
<blockquote type="cite">Hello list,
<br>
Here's a conversation that started internally. I'm making it
public.
<br>
<br>
On 05/19/2014 01:00 PM, Martin Kosek wrote:
<br>
<blockquote type="cite">On 05/19/2014 12:46 PM, Petr
Viktorin wrote:
<br>
<blockquote type="cite">On 05/19/2014 08:25 AM, Martin
Kosek wrote:
<br>
<blockquote type="cite">On 05/19/2014 08:24 AM, Martin
Kosek wrote:
<br>
<blockquote type="cite">On 05/16/2014 04:48 PM,
thierry bordaz wrote:
<br>
<blockquote type="cite">Hello Martin,
<br>
<br>
I am getting familiar with the freeipa CLI
code and started
<br>
implemented '--to-stage' and '--from-stage'.
This really an
<br>
impressive set of code :-)
<br>
</blockquote>
<br>
Great! :-)
<br>
<br>
<blockquote type="cite"> I completed 'to-stage'
and testing '--from-stage'.
<br>
<br>
I have a question regarding the
'--from-stage' syntax. 'uid'
<br>
is a
<br>
mandatory argument to 'user-add' subcommand.
In the design the
<br>
'--from-stage' option is described with:
<br>
<br>
ipa user-add --from-stage=tuser
<br>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<br>
Note, the design is here:
<br>
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/V4/User_Life-Cycle_Management">http://www.freeipa.org/page/V4/User_Life-Cycle_Management</a>
<br>
<br>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite"> But as 'uid' is
mandatory the command should rather be
<br>
<br>
ipa user-add tuser --from-stage=tuser
<br>
<br>
In that case the option value for
'--from-stage' is not
<br>
required and
<br>
the command should be
<br>
<br>
ipa user-add tuser --from-stage
<br>
<br>
Is that ok if I implement the command like
above or did I miss
<br>
something ?
<br>
<br>
regards
<br>
thierry
<br>
</blockquote>
<br>
Hmm, no, I think you are right. We can change
--from-stage to just
<br>
Bool
<br>
parameter. When it is true, it'd mean that get_dn or
pre-callback
<br>
should
<br>
retrieve the record from stage and use all it's
attributes (and add
<br>
standard
<br>
default attributes values on top of that).
<br>
<br>
Also CC-ing Petr Viktorin for reference.
<br>
</blockquote>
</blockquote>
<br>
This operation can't change the user's attributes, can
it? I.e., we
<br>
don't
<br>
support something like:
<br>
ipa user-add tuser --from-stage --phone=123456789
<br>
--email=newemail@example.com
<br>
If this is the case, what's the reason for using
user-add for this?
<br>
Wouldn't it
<br>
be better to make this a separate command, say:
<br>
ipa user-activate tuser
<br>
ipa user-activate tuser --from-deleted
<br>
ipa user-activate tuser --from-deleted --to-staged
<br>
</blockquote>
</blockquote>
</blockquote>
<br>
+1, I would even go as far as having separate commands for
staged and
<br>
deleted users, e.g.:
<br>
<br>
ipa user-unstage tuser
<br>
ipa user-undelete tuser
<br>
ipa user-undelete tuser --to-staged
<br>
</blockquote>
<br>
A deleted entry has already been active so it contains already
set
<br>
attributes while the pure staged entries are "almost" empty
boxes. But
<br>
from an administrator point of view, both staged/deleted entries
are
<br>
inactive. What would be the advantages of two separated commands
?
<br>
</blockquote>
<br>
You just said it yourself: activating/unstaging a user is quite
different from undeleting a user. Cramming multiple different
operations in a single command is bad design IMHO.
<br>
</blockquote>
<br>
Ok I understand. <br>
I believe that deleted entries and staged entries will be in the
same container (provisioning). So we may have at least those two
possibilities:<br>
<ul>
<li>ipa user-activate tuser [--from-staging|--from-delete]</li>
<li>ipa user-unstage tuser<br>
ipa user-undelete tuser<br>
</li>
</ul>
<blockquote cite="mid:537A1389.6050408@redhat.com" type="cite">
<br>
<blockquote type="cite">
<br>
<br>
<blockquote type="cite">
<br>
<blockquote type="cite">
<blockquote type="cite">
<br>
user-add command does a lot of additional processing
besides just
<br>
taking the
<br>
values and writing them to LDAP. It fills the UID and GID,
sets the
<br>
non-filled
<br>
default attributes like Kerberos attributes, adds user as
a member of
<br>
ipausers
<br>
groups - all that stuff. The same procedures should be
also done with
<br>
the user
<br>
from stage. This is why I proposed to augment user-add.
<br>
<br>
If there is a better way, I am open to it.
<br>
</blockquote>
<br>
That's not a very good reason to bring in all the CLI/API
options, most
<br>
importantly from the user's perspective. Also you'd have to
write extra
<br>
code to e.g. check the user didn't use the other options,
and that tends
<br>
to get messy quite fast.
<br>
<br>
The common processing should be split out into functions*
that both
<br>
commands would call.
<br>
(Or methods of the `user` object, which may turn out to be
more
<br>
practical.)
<br>
<br>
</blockquote>
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
<br>
</blockquote>
<br>
</body>
</html>