[Freeipa-devel] User Life Cycle: enforce ipaUniqueID generation by the server

Simo Sorce simo at redhat.com
Tue Jun 17 19:29:50 UTC 2014


On Tue, 2014-06-17 at 15:23 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Tue, 2014-06-17 at 17:59 +0200, thierry bordaz wrote:
> >>           * ipa stageuser-add <login> --from-delete
> >>
> >>             It moves a deleted entry to staging container where
> >>
> >>                 uidNumber: <unchanged, so it is preserved from the
> >>                 previous active account>
> >>                 gidNumber: <unchanged, so it is preserved from the
> >>                 previous active account>
> >>                 ipaUniqueID: autogenerate (reset to autogenerate)
> > 
> > Why are you resetting the unique id ?
> 
> Read back a few in the thread. I suggested, perhaps incorrectly, that
> given that there should be no more references to the user once they go
> into deleted or staged, it may be ok to reset this value.

Well, let me reiterate, the deleted bucket is for those environments
where they have a mandate (regulation, law, policy, etc..) to never
delete users and reinstate users if they are deleted.
So all uniquely identifying information should be preserved in case the
object is revived. This means we need to do our best to preserve all
these attributes if we can.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
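The two positions in the thread, as an added Python sketch that is not FreeIPA code and not from either poster: one function builds the staged entry for `stageuser-add --from-delete`, either carrying ipaUniqueID over unchanged (Simo's point: keep every identifying attribute so the revived object is the same object) or regenerating it (the proposal being questioned). Because the account may have sat in the deleted container for a long time, the example also checks that a preserved uidNumber or ipaUniqueID has not meanwhile been handed to another active user; that check, the container DN, the sample entries and the function name are all assumptions of this example.

```python
import uuid

# Hypothetical staging container; the real DN layout is FreeIPA's own.
STAGE_BASE = "cn=staged users,cn=accounts,cn=provisioning"

# Attributes that must be unique across active users.  gidNumber is also
# preserved, but it is not checked here: users may legitimately share a
# primary group, so a gidNumber match is not a conflict.
UNIQUE_ATTRS = ("uidNumber", "ipaUniqueID")


def stage_from_deleted(deleted, active, reset_unique_id=False):
    """Return the entry to write into the staging container.

    deleted: the entry taken from the deleted container (dict of attrs).
    active:  list of currently active user entries, used for the collision check.
    reset_unique_id=False carries uidNumber, gidNumber and ipaUniqueID over
    unchanged; reset_unique_id=True regenerates ipaUniqueID instead.
    Raises ValueError if a preserved identifier is now used by another user.
    """
    staged = dict(deleted)
    staged["dn"] = "uid=%s,%s" % (deleted["uid"], STAGE_BASE)
    if reset_unique_id:
        staged["ipaUniqueID"] = str(uuid.uuid4())

    conflicts = []
    for attr in UNIQUE_ATTRS:
        if attr == "ipaUniqueID" and reset_unique_id:
            continue  # freshly generated, cannot collide with an old value
        for entry in active:
            if entry["uid"] != staged["uid"] and entry.get(attr) == staged.get(attr):
                conflicts.append((attr, entry["uid"]))
    if conflicts:
        raise ValueError("identity attributes already in use: %r" % conflicts)
    return staged


# Constructed sample data (assumed values, not real directory content).
SAMPLE_DELETED = {
    "uid": "alice",
    "uidNumber": "1001",
    "gidNumber": "1001",
    "ipaUniqueID": "3b2a6e8c-0f4d-4c1e-9a77-2d5b1c9e7f10",
}
SAMPLE_ACTIVE = [
    {"uid": "bob", "uidNumber": "1002", "gidNumber": "1002",
     "ipaUniqueID": "7e1d0c2b-5a6f-4e83-b1c4-9f0a8d7e6c55"},
]


def preserved_entry():
    """Revive alice keeping every identifier (the position argued above)."""
    return stage_from_deleted(SAMPLE_DELETED, SAMPLE_ACTIVE)


def reset_entry():
    """Revive alice with ipaUniqueID regenerated (the questioned proposal)."""
    return stage_from_deleted(SAMPLE_DELETED, SAMPLE_ACTIVE, reset_unique_id=True)


def uid_reassigned_in_the_meantime():
    """True if reviving alice fails because 1001 now belongs to someone else."""
    active = SAMPLE_ACTIVE + [{"uid": "carol", "uidNumber": "1001",
                               "gidNumber": "1003", "ipaUniqueID": str(uuid.uuid4())}]
    try:
        stage_from_deleted(SAMPLE_DELETED, active)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(preserved_entry())
    print(reset_entry()["ipaUniqueID"])
    print("uidNumber reassigned while deleted:", uid_reassigned_in_the_meantime())
```

With preservation, the staged entry is the same object the deleted one was, so audit records keyed on ipaUniqueID still match after the account is reinstated; the collision check is what you need in addition, because a regulation that forbids deleting users says nothing about whether the POSIX id range was re-used in the meantime.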
