mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
The user-stage command is internally implemented as:

- user_show(all=True) in order to read the user attributes
- loop on the attributes defined as possible to add using stageuser-add and transform them into new options for stageuser_add (for instance stageuser-add provides the option --shell for the attribute loginshell, but there is no option for the attribute businesscategory).
- call stageuser_add in order to create a new entry in the active users subtree
- user-del to remove the previous entry in the staged users subtree

The issue is in the 2nd step. Only the attributes with a stageuser-add option are processed.

The logic of the code should be slightly modified, so that all the attributes read in the first step are processed:

- if they correspond to an option of stageuser-add, process them like it's currently done. For instance if the entry contains displayname, then it should be processed as --displayName=value in the stageuser-add cmd
- if they do not correspond to an option of stageuser-add, add them with --setattr=<attrname>=<attrvalue>

Note that some attributes may need to be filtered, for instance user-show returns has_password or has_keytab, which do not correspond to attributes in the LDAP entry.

Fixes: https://pagure.io/freeipa/issue/7597
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
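
The attribute handling described in the commit message above, as an added Python example; it is not code from this commit or from FreeIPA. The function name, the `OPTION_FOR_ATTR` table and the sample entry are assumptions constructed for illustration.

```python
# Added illustration: every identifier here is hypothetical, not FreeIPA's API.

# Assumed subset of LDAP attribute -> stageuser-add option name.
OPTION_FOR_ATTR = {
    "uid": "uid",
    "givenname": "givenname",
    "sn": "sn",
    "displayname": "displayname",
    "loginshell": "loginshell",
}

# Keys the commit message names as returned by user-show without being
# attributes of the LDAP entry.
NOT_LDAP_ATTRS = {"has_password", "has_keytab"}


def build_stageuser_args(entry, option_for_attr=OPTION_FOR_ATTR,
                         skip=NOT_LDAP_ATTRS):
    """Turn a user-show style entry into keyword options for stageuser-add."""
    options = {}
    setattr_values = []
    for attr, values in entry.items():
        name = attr.lower()  # LDAP attribute names are case-insensitive
        if name in skip:
            continue  # computed flag, not stored in the entry
        if not isinstance(values, (list, tuple)):
            values = [values]
        if name in option_for_attr:
            # Attribute has a dedicated option: pass it as before.
            options[option_for_attr[name]] = (
                values[0] if len(values) == 1 else list(values))
        else:
            # No dedicated option: carry it as attrname=attrvalue,
            # one string per value, instead of dropping it.
            setattr_values.extend(f"{name}={v}" for v in values)
    if setattr_values:
        options["setattr"] = setattr_values
    return options


# Constructed sample entry, shaped like the attributes the message mentions.
SAMPLE_ENTRY = {
    "uid": ["tuser"],
    "displayName": ["Test User"],
    "loginshell": ["/bin/sh"],
    "businesscategory": ["freeipa"],
    "has_password": False,
    "has_keytab": False,
}
```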