'user-status uid' command lists failed login counts and times from all replicas.
'user-unlock uid' can only unlock user on current replica, not the others. So admin can't unlock user acc without connecting to other replicas.
Proposal: 'user-unlock uid' should unlock user on all replicas or only on the ones specified by an option ie: '--server replica.host.name --server replica2.host.name'.
This RFE will allow to implement #2792.
Instead of this, we might go straight for #3027 Replicate account lockout
3.4 development was shifted for one month, moving tickets to reflect reality better.
We decided to lower priority of this ticket for 3.4 release, it may get pushed out of 3.4 if not addressed.
Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.
See related upstream discussion on freeipa-devel.
We decided to not do (suboptimal) unlocking mechanism, but rather wait until the backend support (#4302) is ready and allowa a reliable approach.
Metadata Update from @pvoborni: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5 backlog
Login to comment on this ticket.