[pve-devel] applied: [PATCH access-control v2 5/5] do not modify ACLs/Groups for missing users
Thomas Lamprecht
t.lamprecht at proxmox.com
Sat Mar 21 16:27:40 CET 2020
On 3/13/20 1:18 PM, Dominik Csapak wrote:
> instead of dropping ACLs and group membership for missing users,
> simply warn and leave it in the config
>
> for users that get removed via the api this happens explicitely
>
> this is to prevent that a 'faulty' ldapsync removes users temporarily
> and with it all acls that the admin created
>
> we still have a 'purge' flag for the sync where ACLs get removed
> explicitly for users removed from ldap
>
> also adapt the tests
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> new in v2
> PVE/AccessControl.pm | 12 +++++-------
> test/parser_writer.pl | 16 ++++++++++------
> 2 files changed, 15 insertions(+), 13 deletions(-)
>
applied, thanks! Albeit, I may not have thought all implications through, so
it would be nice if Fabian (CCd) could also recheck that I did not applied
something non ideal ^^
More information about the pve-devel
mailing list