Bug 677383

Summary: ipa user-mod: set and add attr on nsAccountLock behavior change
Product: [Retired] freeIPA Reporter: Jenny Severance <jgalipea>
Component: ipa-serverAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: high Docs Contact:
Priority: unspecified    
Version: 2.0CC: benl, dpal, jgalipea
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: freeipa-2.1.0-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-28 09:27:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jenny Severance 2011-02-14 15:03:11 UTC 
Description of problem:
ipa user-mod --setattr and --addattr used to fail with "ipa: ERROR: attribute \"nsAccountLock\" not allowed"

Now you can set the attribute .....

# ipa user-mod --setattr nsAccountLock=blah myuser
----------------------
Modified user "myuser"
----------------------
  User login: myuser
  First name: myuser
  Last name: myuser
  Home directory: /home/myuser
  Login shell: /bin/sh
  Account disabled: blah
  Member of groups: ipausers


and you can set multiple values as well as values other than true of false ... 

# ipa user-mod --addattr nsAccountLock=test myuser
----------------------
Modified user "myuser"
----------------------
  User login: myuser
  First name: myuser
  Last name: myuser
  Home directory: /home/myuser
  Login shell: /bin/sh
  Account disabled: true, test
  Member of groups: ipausers



Version-Release number of selected component (if applicable):
freeipa-server-2.0-0.2011020720git7be1275.fc14.i686

How reproducible:
always

Steps to Reproduce:
1. add a user
   # ipa user-add --first=myuser --last=myuser myuser
2. set the nsAccountLock attribute
   # ipa user-mod --setattr nsAccountLock=true myuser
3. add an additional nsAccountLock attribute
   # ipa user-mod --addattr nsAccountLock=test myuser
  
Actual results:
successfully set attr and add attr on user object, multi valued and values other than true or false

Expected results:
Only set attr should be allowed and only values true and false.

Additional info:
Comment 1 Dmitri Pal 2011-02-15 06:50:37 UTC 
https://fedorahosted.org/freeipa/ticket/968
Comment 2 Rob Crittenden 2011-02-17 22:12:09 UTC 
master: 4211eee9922cc30e57e740e34018653381bd0dde