Hi, Viktor rightly pointed out that I should discuss the content of: https://pagure.io/389-ds-base/pull-request/50641 This change is not obvious due to the design of the default ACI system in lib389 (as a result the diff shows a whole new file). However the changes are limited to ou=People. This allows users to self-write userPassword and legalName, and allows self read to sn and legalName attributes. These were always intended to be in place, but apparently William of the past didn't write tests to assert these properties - that's why in this change there are now tests to show the behaviours we expect for people. This was noticed when working on 389-ds-portal, where these behaviours are somewhat important to have! So to address the obvious question, this only affects *new* deployments that will use sample entries / initialise. Existing deployments on 1.3.x and 1.4.[0,1] will not have their aci's changed. Any install that does a full re-init over the sample entries will obviously discard this content. These should work with both nsUser and User types as well, thus the tests for both. I think it's a pretty simple change, and from a usability standpoint it's another small step in making new deployments a bit smoother. Thoughts/comments? I'd aim to merge this about the 18th of oct, so that's a week for everyone to have their say, and there is always room to revert things later if needed. Thanks! -- Sincerely, William _______________________________________________ 389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx
