[Freeipa-devel] Some WebUI observations

Jon Stanley jonstanley at gmail.com
Fri Nov 2 14:38:08 UTC 2007 

I just installed milestone 4, updated to update 1 last night, and
found a few things about the UI that probably need some attention (I
know that Marian has been working on some UI stuff that's not in yet):

1)  If you attempt to access the site without having a valid Kerberos
ticket, a page comes up talking about an idm wiki, calling the
helpdesk, etc (forget the exact wording, I'm not at home where I've
got a browser that can access my FreeIPA server).  This is obviously a
stale message, but where does it come from?  It should be configurable
to allow the admin to put something to the effect of 'You've tried to
access Company XYZ's FreeIPA server, however, you do not have a
Kerberos ticket.  Obtain one via kinit, or if you are having
difficulties, contact   the helpdesk at xxx-xxx-xxxx"

2)  Adding users has no option to override auto UID/GID generation.
This would be quite useful.

3)  There appears to be no  interface for organizing users into OU's -
am I missing something or is this coming in a future release?

4)  I created a user, got rid of my tickets using kdestroy, used kinit
as that new user, and went to the website.  All of the links were
still there that were when I was admin.  I clicked add user and it
brought up the form. Filled out the form and hit submit, it simply
said that 'a database error occured', not that I didn't have
permissions to perform the action.  Ideally, I wouldn't be able to see
the link to add a user, and if I were, I should be told that I don't
have permission instead of being presented with the form.  I could not
find an error anywhere that explicitly stated that I didn't have
permissions, either.  The closest thing that I found was a cryptic
entry in the FDS access log:

[02/Nov/2007:08:19:41 -0400] conn=18 op=3 ADD
dn="uid=jdoe,cn=users,cn=accounts,dc=rmrf,dc=net"
[02/Nov/2007:08:19:41 -0400] conn=18 op=3 RESULT err=50 tag=105
nentries=0 etime=0

5)  I don't think that the settings page is implemented yet.  When it
is, there should be an option for the default e-mail format and cn
schema.

That's all that I can think of for now, I'm sure that there's more
that I just can't think about this early in the morning

-Jon

More information about the Freeipa-devel mailing list