On 05/15/2015 04:44 PM, David Kupka wrote: > Hello Thierry, > thanks for the patch set. Overall functionality of ULC feature looks good to > me and is definitely "alpha ready". > > I found following issues but don't insist on fixing it right now:
Given we are now only fixing bugs and not doing big structural changes, I would rather like to push what we have and then work on fixing the bugs that are critical for the feature. Some may be before Alpha, some after Alpha or even 4.2.1 or later versions - depending on the impact. > 1) When stageuser-activate fails due to already existent active/deleted user. > DN is show instead of user name that's used in other commands (user-add, > stageuser-add). > $ ipa user-add tuser --first Test --last User > $ ipa stageuser-add tuser --first Test --last User > $ ipa stageuser-activate tuser > ipa: ERROR: Active user > uid=tuser,cn=users,cn=accounts,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com > > already exists Please file ticket, can be fixed in 4.2.1 or later IMO. > > 2) According to the design there should be '--only-delete' and > '--also-delete' > options for user-find command instead there is '--preserved' option. > Honza proposed adding virtual boolean attribute 'deleted' to user entry and > filter on it. > The 'deleted' attribute would be useful also in user-show where is no way to > tell if the displayed user is active or deleted. (Except running with --all > and looking on the dn). Please file ticket as well. As I talked to David, it is now difficult to distinguish between active and deleted users, user-show USER shows the user regardless if the user is active or deleted. This is something we should discuss, what is the ideal behavior. Please include this question in the ticket. > 3) uidNumber and gidNumber can't be set back to '-1' once set to other value. > This would be useful when admin changes its mind and want IPA to assign them. > IIUC, there should be no validation in cn=staged user container. All > validation should be done during stageuser-activate. We may want with filing a ticket unless there is a real demand for this. > 4) Support for deleted -> stage workflow is still missing. But I'm unsure if > we > agreed to finish it now or later. We wanted to do it also, but based on Thierry's availability, it can be done post-Alpha or even 4.2.1. > 5) Twice deleting user with '--preserve' deletes him permanently. > $ ipa user-add tuser --first Test --last User > $ ipa user-del tuser --preserve > $ ipa user-del tuser --preserve > $ ipa user-find --preserved > ------------------------ > 0 (delete) users matched > ------------------------ > ---------------------------- > Number of entries returned 0 > ---------------------------- This looks as something we may want to fix before GA. Pushed to master: 273fd057a3be797a05d6c7f34fd619d3dfa09c37 When the UI (on review) is also pushed, we will have the base ULC functionality here and we can close the main RFE. Thanks everyone! Martin -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
