[Freeipa-devel] User Life Cycle: enforce ipaUniqueID generation by the server
Simo Sorce
simo at redhat.com
Tue Jun 17 19:24:38 UTC 2014
On Tue, 2014-06-17 at 20:43 +0200, thierry bordaz wrote:
> On 06/17/2014 08:39 PM, Simo Sorce wrote:
> > On Tue, 2014-06-17 at 17:59 +0200, thierry bordaz wrote:
> >> * ipa stageuser-add <login> --from-delete
> >>
> >> It moves a deleted entry to staging container where
> >>
> >> uidNumber: <unchanged, so it is preserved from the
> >> previous active account>
> >> gidNumber: <unchanged, so it is preserved from the
> >> previous active account>
> >> ipaUniqueID: autogenerate (reset to autogenerate)
> > Why are you resetting the unique id ?
> I cannot activate a stage user that already has ipaUniqueID. The UUID
> IPA plugin rejects adding such an entry.
> It is not strictly necessary to reset this value when moving the entry
> Delete to Staging. But later 'Staging' to 'Active' (stageuser-activate)
> it is required.
If someone keys something around the ipaUniqueID you cannot lose it.
I wonder if we can allow setting an ipaUniqueID instead of refusing, I
forgot why we refuse to set values though. Maybe we can relax and just
count on uniqueness plugin to reject if there is a conflict.
Simo.
--
Simo Sorce * Red Hat, Inc * New York