[Freeipa-devel] group inactivation question
Pete Rowley
prowley at redhat.com
Wed Nov 7 20:07:30 UTC 2007
Rob Crittenden wrote:
> Ticket https://hosted.fedoraproject.org/projects/freeipa/ticket/54
> calls for an option to inactivate all users in a group.
>
> I've got this mostly done on the GUI side. I added a similar option to
> mark a group as active/inactive and it too updates nsAccountLock.
>
> So in XML-RPC when a group is updated I can see if this is "true" and
> mark all the members as inactive. But this opens a real can of works.
>
> Groups can be members of groups. Should I follow all paths and
> recursively mark everything inactive?
>
> And does the reverse hold true as well? If a group is inactive and it
> is marked active does that cause everything to become active again? I
> assume so but I hate assuming.
There are a lot of problems doing this directly - using cos in the
manner I described would have everything just work, including new users
getting added to groups becoming inactivated and so on.
--
Pete
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071107/dd290bca/attachment.bin>
More information about the Freeipa-devel
mailing list