From f42f1f44c81e15ac9ecbc6684cbc4dfc9395fd42 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 20 Nov 2007 22:45:29 -0500
Subject: Enable group inactivation by using the Class of Service plugin.

This adds 2 new groups: activated and inactivated.

If you, or a group you are a member of, is in inactivated then you are too.

If you, or a group you are a member of, is in the activated group, then you
are too.

In a fight between activated and inactivated, activated wins.

The DNs for doing this matching is case and white space sensitive.

The goal is to never have to actually set nsAccountLock in a user directly
but move them between these groups.

We need to decide where in the CLI this will happen. Right it is split
between ipa-deluser and ipa-usermod. To inactivate groups for now just
add the group to inactivate or active.
---
 ipa-server/ipaserver/dsinstance.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ipa-server/ipaserver/dsinstance.py')

diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py
index d1e8f3ab..3cf80f46 100644
--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@@ -119,7 +119,7 @@ class DsInstance(service.Service):
     def __setup_sub_dict(self):
         server_root = find_server_root()
         self.sub_dict = dict(FQHN=self.host_name, SERVERID=self.serverid,
-                             PASSWORD=self.dm_password, SUFFIX=self.suffix,
+                             PASSWORD=self.dm_password, SUFFIX=self.suffix.lower(),
                              REALM=self.realm_name, USER=self.ds_user,
                              SERVER_ROOT=server_root)
 
-- 
cgit