COmanage Users List

[Benn Oshrin <>]

I've pushed commit 67b60623f5 to the branch "hotfix-2.0.x" if you'd like
to test it out. (It'll probably be a few weeks before we see a 2.0.1
release.)

Thanks,

-Benn-

On 4/10/17 5:16 PM, Benn Oshrin wrote:
> I've got a patch ready but can't get it committed until we're done with
> some source tree management as part of the 2.0.0 release. I'll update
> the ticket (which you can watch if you want to) once it's posted in case
> you want to try that out when it's available.
> 
> Thanks,
> 
> -Benn-
> 
> On 4/10/17 7:55 AM, Kevin M. Hildebrand wrote:
>> Ok, thanks.  For the time being I modified the schema to make the SSH
>> key an optional component.
>> One other observation of note that is likely related- when removing an
>> SSH key (by clicking the 'Delete' button next to it on co_people/canvas/XX)
>> the key is not being correctly removed from LDAP.  The LDAP modify
>> operation that's sent to the LDAP server updates all of the rest of the
>> attributes, but doesn't include the sshPublicKey attribute.
>> I guess in this case one would also have to remove the ldapPublicKey
>> object class, since it's dependent on sshPublicKey.  Yuck.
>>
>> Kevin
>>
>> On Sat, Apr 8, 2017 at 9:13 AM, Benn Oshrin 
>> <
>> <mailto:>>
>>  wrote:
>>
>>     Hi Kevin,
>>
>>     This is a known issue:
>>
>>      https://bugs.internet2.edu/jira/browse/CO-1397
>>     <https://bugs.internet2.edu/jira/browse/CO-1397>
>>
>>     We're hoping to get this fixed in the patch release (2.0.1) after the
>>     new feature release (2.0.0) due out in the next couple of days.
>>
>>     There is also an RFE for handling SSH keys as part of enrollment, 
>> though
>>     that wouldn't really solve the issue as you point out.
>>
>>      https://bugs.internet2.edu/jira/browse/CO-1087
>>     <https://bugs.internet2.edu/jira/browse/CO-1087>
>>
>>     Thanks,
>>
>>     -Benn-
>>
>>     On 4/7/17 10:58 AM, Kevin M. Hildebrand wrote:
>>     > I'm using self-signup, LDAP provisioning, and also trying to
>>     manage SSH
>>     > public keys.  The problem that I'm having is that the ldapPublicKey
>>     > object class lists sshPublicKey as a required attribute.  So if I
>>     enable
>>     > the ldapPublicKey object class in my LDAP provisioner settings, the
>>     > provisioning of new users will fail since there's no way for them to
>>     > initially provide their public key during enrollment.
>>     >
>>     > Any thoughts on how to deal with this?
>>     > 1) modify the LDAP schema to make sshPublicKey optional
>>     > 2) modify the LDAP provisioner to not include the ldapPublicKey 
>> object
>>     > class if there are no SSH keys defined
>>     > 3) modify the enrollment process to allow upload of SSH keys
>>     during sign up
>>     >
>>     > It seems to me that even if (3) occurs, there may still be times 
>> where
>>     > some users might not have SSH keys defined while others do.
>>     >
>>     > Thanks,
>>     > Kevin
>>     >
>>     > --
>>     > Kevin Hildebrand
>>     > University of Maryland, College Park
>>
>>