3eeaf22 user-stage: transfer all attributes from preserved to stage user

1 file. Authored by frenaud 4 years ago, committed by abbra 4 years ago.
    user-stage: transfer all attributes from preserved to stage user
    
    The user-stage command is internally implemented as:
    - user_show(all=True) in order to read the user attributes
    - loop on the attributes defined as possible to add using stageuser-add and
    transform them into new options for stageuser_add (for instance stageuser-add
    provides the option --shell for the attribute loginshell, but there is no
    option for the attribute businesscategory).
    - call stageuser_add in order to create a new entry in the active users subtree
    - user-del to remove the previous entry in the staged users subtree
    
    The issue is in the 2nd step. Only the attributes with a stageuser-add option
    are processed.
    The logic of the code should be slightly modified, so that all the attributes
    read in the first step are processed:
    - if they correspond to an option of stageuser-add, process them like it's
    currently done. For instance if the entry contains displayname, then it
    should be processed as --displayName=value in the stageuser-add cmd
    - if they do not correspond to an option of stageuser-add, add them with
    --setattr=<attrname>=<attrvalue>
    
    Note that some attributes may need to be filtered, for instance user-show
    returns has_password or has_keytab, which do not correspond to attributes
    in the LDAP entry.
    
    Fixes: https://pagure.io/freeipa/issue/7597
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+44 -0
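
The attribute split described in the commit message, as an added Python sketch that is not the code from this commit or from FreeIPA. The option map, the function names and the sample entry are assumptions made for illustration; only the `has_password` and `has_keytab` filter keys and the `--shell`, `--displayName` and `--setattr` options come from the message.

```python
# Added illustration, not FreeIPA source code.
# Assumed, partial map: LDAP attribute -> dedicated stageuser-add option.
OPTION_FOR_ATTR = {
    "loginshell": "shell",
    "displayname": "displayName",
}

# Keys that user-show returns but that are not attributes of the LDAP entry
# (the two named in the commit message).
NON_LDAP_KEYS = {"has_password", "has_keytab"}

# Constructed sample of a user-show result: attribute -> list of values,
# plus the two computed flags.
SAMPLE_ENTRY = {
    "loginshell": ["/bin/bash"],
    "displayName": ["Test User"],
    "businessCategory": ["engineering", "research"],
    "has_password": True,
    "has_keytab": False,
}


def build_stage_args(entry):
    """Return (options, setattrs) for one entry.

    options:  dict of dedicated option name -> value
    setattrs: list of "attr=value" strings, one per value, for every
              attribute without a dedicated option (passing one pair per
              value is an assumption of this sketch).
    """
    options, setattrs = {}, []
    for attr, values in entry.items():
        name = attr.lower()
        if name in NON_LDAP_KEYS:
            continue  # computed flag, nothing to transfer
        if not isinstance(values, (list, tuple)):
            values = [values]
        if name in OPTION_FOR_ATTR:
            options[OPTION_FOR_ATTR[name]] = values[0]
        else:
            setattrs.extend(f"{name}={value}" for value in values)
    return options, setattrs


def lost_without_setattr(entry):
    """Attributes dropped when only option-backed attributes are processed."""
    names = (attr.lower() for attr in entry)
    return sorted(n for n in names
                  if n not in NON_LDAP_KEYS and n not in OPTION_FOR_ATTR)
```

Running `lost_without_setattr` over real entries before and after a state change is a quick way to confirm that nothing is silently dropped.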