Only going to do this in the plugin, not as an ACI, to prevent accidental overwriting.
disallow writes on some attrs
Oh, hrm, I forgot about host enrollment, this will break it. New patch coming.
The enrolledBy attribute was addressed by a later patch, this is fixed.
I think that enrolledBy got added back as a mistake but I can't be sure.
I do remember have a discussion with Simo related to this type of field, if not this particular one. It is difficult to write an aci with sufficient logic to allow some updates and disallow others.
So enrolledBy won't be removed during unenrollment, but it will be updated when a host is enrolled.
Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.1 - 2011/07
to comment on this ticket.