[Freeipa-devel] group inactivation question

Rob Crittenden rcritten at redhat.com
Wed Nov 7 20:13:06 UTC 2007


Pete Rowley wrote:
> Rob Crittenden wrote:
>> Ticket https://hosted.fedoraproject.org/projects/freeipa/ticket/54 
>> calls for an option to inactivate all users in a group.
>>
>> I've got this mostly done on the GUI side. I added a similar option to 
>> mark a group as active/inactive and it too updates nsAccountLock.
>>
>> So in XML-RPC when a group is updated I can see if this is "true" and 
>> mark all the members as inactive. But this opens a real can of works.
>>
>> Groups can be members of groups. Should I follow all paths and 
>> recursively mark everything inactive?
>>
>> And does the reverse hold true as well? If a group is inactive and it 
>> is marked active does that cause everything to become active again? I 
>> assume so but I hate assuming.
> There are a lot of problems doing this directly - using cos in the 
> manner I described would have everything just work, including new users 
> getting added to groups becoming inactivated and so on.
> 

Oh, I guess I missed that. I recall you asking if I used cos but not a 
description of how to use it. I'm open to not using brute-force.

Can you explain cos again? I've never used it myself.

thanks

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071107/048c6484/attachment.bin>


More information about the Freeipa-devel mailing list