[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Freeipa-devel] inactivating yourself



Came across and intriguing problem when working on group inactivation.

With group inactivation you pick a group, select inactive and update it. This causes all group members, including recursively all groups, to be marked inactive.

So what should we do if the current user happens to be a member of that group (or subgroup)?

What currently happens is IPA throws up because once the user is inactivated their credentials are no longer accepted by FDS.

So should we:

1. Let things go ahead and blow up (i.e. change nothing)
2. Do not let them deactivate anything they are a part of
3. Do all the deactivation except for their record
4. Something else

Ideas?

I'm leaning towards #2 myself.

rob

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]