[Backport][ipa-4-8] user-stage: transfer all attributes from preserved to stage user #3478
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The user-stage command is internally implemented as: - user_show(all=True) in order to read the user attributes - loop on the attributes defined as possible to add using stageuser-add and transform them into new options for stageuser_add (for instance stageuser-add provides the option --shell for the attribute loginshell, but there is no option for the attribute businesscategory). - call stageuser_add in order to create a new entry in the active users subtree - user-del to remove the previous entry in the staged users subtree The issue is in the 2nd step. Only the attributes with a stageuser-add option are processed. The logic of the code should be slightly modified, so that all the attributes read in the first step are processed: - if they correspond to an option of stageuser-add, process them like it's currently done. For instance if the entry contains displayname, then it should be processed as --displayName=value in the stageuser-add cmd - if they do not correspond to an option of stageuser-add, add them with --setattr=<attrname>=<attrvalue> Note that some attributes may need to be filtered, for instance user-show returns has_password or has_keytab, which do not correspond to attributes in the LDAP entry. Fixes: https://pagure.io/freeipa/issue/7597
When moving a preserved user to the stage area, check that the custom attributes are not lost ( = the attr for which there is no specific user_stage option). Test scenario: - add a stage user with --setattr "businesscategory=value" - activate the user, check that businesscategory is still present - delete (preserve) the user, check that attr is still present - stage the user, check that attr is still present Related: https://pagure.io/freeipa/issue/7597
|
PR was ACKed automatically because this is backport of PR #3448. Wait for CI to finish before pushing. In case of questions or problems contact @flo-renaud who is author of the original PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was opened automatically because PR #3448 was pushed to master and backport to ipa-4-8 is required.