[pve-devel] applied: [PATCH access-control v2 5/5] do not modify ACLs/Groups for missing users

Thomas Lamprecht t.lamprecht at proxmox.com
Sat Mar 21 16:27:40 CET 2020


On 3/13/20 1:18 PM, Dominik Csapak wrote:
> instead of dropping ACLs and group membership for missing users,
> simply warn and leave it in the config
> 
> for users that get removed via the api this happens explicitely
> 
> this is to prevent that a 'faulty' ldapsync removes users temporarily
> and with it all acls that the admin created
> 
> we still have a 'purge' flag for the sync where ACLs get removed
> explicitly for users removed from ldap
> 
> also adapt the tests
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> new in v2
>  PVE/AccessControl.pm  | 12 +++++-------
>  test/parser_writer.pl | 16 ++++++++++------
>  2 files changed, 15 insertions(+), 13 deletions(-)
> 

applied, thanks! Albeit, I may not have thought all implications through, so
it would be nice if Fabian (CCd) could also recheck that I did not applied
something non ideal ^^





More information about the pve-devel mailing list