#4681 If token owner is changed, the token manager should be unset
Closed: Fixed None Opened 10 years ago by npmccallum.

For instance, if an admin unassigns a token from a user, the user should not retain management priviledges. Hence {{{ipa otptoken-mod $ID --owner=""}}} should also unset managedBy.

We should also consider what to do when a new owner is assigned. I suspect that the logic should be something like:

if old.get('owner', None) == old.get('managedBy', None):
  if new.get('owner', old.get('owner', None)) != old.get('owner', None):
    if not new.has_key('managedBy'):
      new['managedby'] = new['owner']

I have listed this as an enhancement since it is possible to get the correct behavior by specifying managedBy manually. It would be nice to do the best behavior by default.


This should be a good starting ticket for mbabinsk.

master:

  • b95f433 Changing the token owner changes also the manager

ipa-4-1:

  • c985de1 Changing the token owner changes also the manager

Metadata Update from @npmccallum:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.1.3

7 years ago

Log in to comment on this ticket.

Metadata