[Freeipa-devel] [RFE] User Life-Cycle Management
Martin Kosek
mkosek at redhat.com
Thu Sep 26 12:32:12 UTC 2013
Hello developers!
I prepared a first draft of User Life-Cycle Management feature, which should
appear in later FreeIPA release.
http://www.freeipa.org/page/V3/User_Life-Cycle_Management
There are still open questions, the main one from my perspective is if the
staged users should be stored in our main LDAP database/suffix or the alternate
one. Both have pros and cons, I tried to list them in the design page.
Keeping it in a separated suffix may allow less difficult maintenance of old
and new FreeIPA servers as old FreeIPA servers and plugins (like ipa-kdb) will
not see the staged users. But there are higher replication agreement and other
costs connected with this approach.
Comments, feedback is very welcome.
Martin
More information about the Freeipa-devel
mailing list