Came across and intriguing problem when working on group inactivation.With group inactivation you pick a group, select inactive and update it. This causes all group members, including recursively all groups, to be marked inactive.
So what should we do if the current user happens to be a member of that group (or subgroup)?
What currently happens is IPA throws up because once the user is inactivated their credentials are no longer accepted by FDS.
So should we: 1. Let things go ahead and blow up (i.e. change nothing) 2. Do not let them deactivate anything they are a part of 3. Do all the deactivation except for their record 4. Something else Ideas? I'm leaning towards #2 myself. rob
Description: S/MIME Cryptographic Signature