For instance, if an admin unassigns a token from a user, the user should not retain management priviledges. Hence {{{ipa otptoken-mod $ID --owner=""}}} should also unset managedBy.
We should also consider what to do when a new owner is assigned. I suspect that the logic should be something like:
if old.get('owner', None) == old.get('managedBy', None): if new.get('owner', old.get('owner', None)) != old.get('owner', None): if not new.has_key('managedBy'): new['managedby'] = new['owner']
I have listed this as an enhancement since it is possible to get the correct behavior by specifying managedBy manually. It would be nice to do the best behavior by default.
stretch goal
4.1.2 was released.
This should be a good starting ticket for mbabinsk.
master:
ipa-4-1:
Metadata Update from @npmccallum: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.1.3
Log in to comment on this ticket.