subject:"\[Freeipa\-devel\] \[PATCH 0007\]\[DOC\] Tip on restoring admin account"

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

2014-03-03 Thread Petr Viktorin

On 03/03/2014 03:16 PM, Gabe Alford wrote:

Yes, the attached patch looks good. I see what you are saying how it did
look misleading.

Thanks,

Gabe

Thank you for your help!
Pushed to docs master: dfb1b16b4b62e87540b34bae8b4454021f17fd71

On Mon, Mar 3, 2014 at 3:13 AM, Petr Viktorin mailto:pvikt...@redhat.com>> wrote:

On 03/02/2014 11:26 PM, Gabe Alford wrote:

Here is an updated patch that merges the notes and adds info about
preventing removal of the last admin.

Gabe

That looks misleading to me -- by default, the "group
administrators" privilege actually excludes the right to modify
admins. Only admins or the Directory Manager can add new admins.

I took a stab at correcting this; does the attached patch look good?

On Fri, Feb 28, 2014 at 8:39 AM, Gabe Alford
mailto:redhatri...@gmail.com>
>__>
wrote:

 That does make more sense to merge them under the same
note. I can
 also include a little blurb about ipa user-del and ipa
 group-remove-member.

 On Fri, Feb 28, 2014 at 5:54 AM, Petr Viktorin
mailto:pvikt...@redhat.com>
 >>
wrote:

 On 02/26/2014 04:01 PM, Gabe Alford wrote:

 Hi all,

 I added a tip in the deleting users section on
restoring
 admin account.
 Please review.

https://fedorahosted.org/freeipa/ticket/2746

 >

 Hello,

 The new tip is added right under a Note about the same
thing (or
 a very similar thing, from the user's POV). Would it be
possible
 to merge those two into a single Note?

 Nowadays[0], ipa user-del and ipa group-remove-member will
 refuse to delete the last admin. I think this
information should
 be added to the main docs. (Also, this reduces the
importance of
 the recovery instructions.)

 [0] https://fedorahosted.org/freeipa/ticket/2564

 >

 --
 Petrł

--
Petr³

--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

2014-03-03 Thread Gabe Alford

Yes, the attached patch looks good. I see what you are saying how it did
look misleading.

Thanks,

Gabe


On Mon, Mar 3, 2014 at 3:13 AM, Petr Viktorin  wrote:

> On 03/02/2014 11:26 PM, Gabe Alford wrote:
>
>> Here is an updated patch that merges the notes and adds info about
>> preventing removal of the last admin.
>>
>> Gabe
>>
>
> That looks misleading to me -- by default, the "group administrators"
> privilege actually excludes the right to modify admins. Only admins or the
> Directory Manager can add new admins.
>
> I took a stab at correcting this; does the attached patch look good?
>
>
>>
>> On Fri, Feb 28, 2014 at 8:39 AM, Gabe Alford > > wrote:
>>
>> That does make more sense to merge them under the same note. I can
>> also include a little blurb about ipa user-del and ipa
>> group-remove-member.
>>
>>
>> On Fri, Feb 28, 2014 at 5:54 AM, Petr Viktorin > > wrote:
>>
>> On 02/26/2014 04:01 PM, Gabe Alford wrote:
>>
>> Hi all,
>>
>> I added a tip in the deleting users section on restoring
>> admin account.
>> Please review.
>>
>> https://fedorahosted.org/__freeipa/ticket/2746
>>
>> 
>>
>>
>>
>> Hello,
>>
>> The new tip is added right under a Note about the same thing (or
>> a very similar thing, from the user's POV). Would it be possible
>> to merge those two into a single Note?
>>
>> Nowadays[0], ipa user-del and ipa group-remove-member will
>> refuse to delete the last admin. I think this information should
>> be added to the main docs. (Also, this reduces the importance of
>> the recovery instructions.)
>>
>> [0] https://fedorahosted.org/__freeipa/ticket/2564
>> 
>>
>> --
>> Petrł
>>
>>
>>
>>
>
> --
> Petr³
>
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

2014-03-03 Thread Petr Viktorin


On 03/02/2014 11:26 PM, Gabe Alford wrote:

Here is an updated patch that merges the notes and adds info about
preventing removal of the last admin.

Gabe


That looks misleading to me -- by default, the "group administrators" 
privilege actually excludes the right to modify admins. Only admins or 
the Directory Manager can add new admins.


I took a stab at correcting this; does the attached patch look good?




On Fri, Feb 28, 2014 at 8:39 AM, Gabe Alford mailto:redhatri...@gmail.com>> wrote:

That does make more sense to merge them under the same note. I can
also include a little blurb about ipa user-del and ipa
group-remove-member.


On Fri, Feb 28, 2014 at 5:54 AM, Petr Viktorin mailto:pvikt...@redhat.com>> wrote:

On 02/26/2014 04:01 PM, Gabe Alford wrote:

Hi all,

I added a tip in the deleting users section on restoring
admin account.
Please review.

https://fedorahosted.org/__freeipa/ticket/2746




Hello,

The new tip is added right under a Note about the same thing (or
a very similar thing, from the user's POV). Would it be possible
to merge those two into a single Note?

Nowadays[0], ipa user-del and ipa group-remove-member will
refuse to delete the last admin. I think this information should
be added to the main docs. (Also, this reduces the importance of
the recovery instructions.)

[0] https://fedorahosted.org/__freeipa/ticket/2564


--
Petrł






--
Petr³
From 6d33775c23d31aaace4f4e896a543c8098100af8 Mon Sep 17 00:00:00 2001
From: Gabe 
Date: Sat, 1 Mar 2014 16:09:51 -0700
Subject: [PATCH] Document steps to restore deleted admin account

Added to the existing note under 'Deleting Users'. Also added a line about
ipa user-del and ipa group-remove-member not allowing the last admin user to be
deleted by default.

https://fedorahosted.org/freeipa/ticket/2746
---
 src/user_guide/en-US/Users.xml | 16 +---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/user_guide/en-US/Users.xml b/src/user_guide/en-US/Users.xml
index 9ab18ac..5295667 100644
--- a/src/user_guide/en-US/Users.xml
+++ b/src/user_guide/en-US/Users.xml
@@ -447,12 +447,22 @@ UID: 387115841
 			 
 Deleting a user account is permanent. The information cannot be recovered; a new account must be created.
 			
-			 NOTE
+			NOTE
+
+	The ipa user-del and ipa group-remove-member commands prevent the accidential deletion of the last user in the admins group.
+
 
-	If all admin users are deleted, then you must use the Directory Manager account to create a new administrative user. 
+	However, if all users from the admins group are removed in some way,
+	you can use the Directory Manager account to add another user to the group:
 
+ldapmodify -x -D 'cn=directory manager' -W
+dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
+changetype: modify
+add: member
+member: uid=youruser,cn=users,cn=accouns,dc=example,dc=com
+
 
-	Alternatively, any user who belongs in the group management role can also add a new admin user.
+	Once you have done this, you may use this account to re-create the admin user.
 
 			
 			With the Web UI
-- 
1.8.5.3

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

2014-03-02 Thread Gabe Alford

Here is an updated patch that merges the notes and adds info about
preventing removal of the last admin.

Gabe


On Fri, Feb 28, 2014 at 8:39 AM, Gabe Alford  wrote:

> That does make more sense to merge them under the same note. I can also
> include a little blurb about ipa user-del and ipa group-remove-member.
>
>
> On Fri, Feb 28, 2014 at 5:54 AM, Petr Viktorin wrote:
>
>> On 02/26/2014 04:01 PM, Gabe Alford wrote:
>>
>>> Hi all,
>>>
>>> I added a tip in the deleting users section on restoring admin account.
>>> Please review.
>>>
>>> https://fedorahosted.org/freeipa/ticket/2746
>>>
>>
>>
>> Hello,
>>
>> The new tip is added right under a Note about the same thing (or a very
>> similar thing, from the user's POV). Would it be possible to merge those
>> two into a single Note?
>>
>> Nowadays[0], ipa user-del and ipa group-remove-member will refuse to
>> delete the last admin. I think this information should be added to the main
>> docs. (Also, this reduces the importance of the recovery instructions.)
>>
>> [0] https://fedorahosted.org/freeipa/ticket/2564
>>
>> --
>> Petrł
>>
>>
>


freeipa-rga-0007-2-DOC-Document-steps-to-restore-deleted-admin-account.patch
Description: Binary data
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

2014-02-28 Thread Gabe Alford

That does make more sense to merge them under the same note. I can also
include a little blurb about ipa user-del and ipa group-remove-member.


On Fri, Feb 28, 2014 at 5:54 AM, Petr Viktorin  wrote:

> On 02/26/2014 04:01 PM, Gabe Alford wrote:
>
>> Hi all,
>>
>> I added a tip in the deleting users section on restoring admin account.
>> Please review.
>>
>> https://fedorahosted.org/freeipa/ticket/2746
>>
>
>
> Hello,
>
> The new tip is added right under a Note about the same thing (or a very
> similar thing, from the user's POV). Would it be possible to merge those
> two into a single Note?
>
> Nowadays[0], ipa user-del and ipa group-remove-member will refuse to
> delete the last admin. I think this information should be added to the main
> docs. (Also, this reduces the importance of the recovery instructions.)
>
> [0] https://fedorahosted.org/freeipa/ticket/2564
>
> --
> Petrł
>
>
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

2014-02-28 Thread Petr Viktorin


On 02/26/2014 04:01 PM, Gabe Alford wrote:

Hi all,

I added a tip in the deleting users section on restoring admin account.
Please review.

https://fedorahosted.org/freeipa/ticket/2746



Hello,

The new tip is added right under a Note about the same thing (or a very 
similar thing, from the user's POV). Would it be possible to merge those 
two into a single Note?


Nowadays[0], ipa user-del and ipa group-remove-member will refuse to 
delete the last admin. I think this information should be added to the 
main docs. (Also, this reduces the importance of the recovery instructions.)


[0] https://fedorahosted.org/freeipa/ticket/2564

--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

2014-02-26 Thread Gabe Alford

Hi all,

I added a tip in the deleting users section on restoring admin account.
Please review.

https://fedorahosted.org/freeipa/ticket/2746

Thanks,

Gabe


freeipa-rga-0007-DOC-Document-steps-to-restore-deleted-admin-account.patch
Description: Binary data
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

Re: [Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

[Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

7 matches

Site Navigation

Mail list logo

Footer information