author | Tomas Babej <tbabej@redhat.com> | 2015-05-27 16:30:48 +0200 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-07-01 13:06:40 +0200 |
commit | e21dad4e1c37bc171a4bc6095a8c9bdd2cc53f5c (patch) | |
tree | 0a57e879fc6e558135a75b1aeb1bf49814e11065 /ipalib/plugins/user.py | |
parent | 77b64e60231492b7c009a32bcf0cbdcd5ef9922a (diff) | |
idviews: Remove ID overrides for permanently removed users and groups
For IPA users and groups we are able to trigger a removal of
any relevant ID overrides in user-del and group-del commands.
https://fedorahosted.org/freeipa/ticket/5026
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipalib/plugins/user.py')
-rw-r--r-- | ipalib/plugins/user.py | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index d2404e2ed..0b90519b2 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -31,6 +31,7 @@ from ipalib.plugins.baseuser import baseuser, baseuser_add, baseuser_del, \
 status_baseuser_output_params, baseuser_pwdchars, \
 validate_nsaccountlock, radius_dn2pk, convert_nsaccountlock, split_principal, validate_principal, \
 normalize_principal, fix_addressbook_permission_bindrule
+from ipalib.plugins.idviews import remove_ipaobject_overrides
 from ipalib.plugable import Registry
 from ipalib.plugins.baseldap import *
 from ipalib.plugins import baseldap
@@ -620,11 +621,15 @@ class user_del(baseuser_del):
 dn = self.obj.get_dn(*keys, **options)
- if (not options.get('preserve', True) or
- dn.endswith(DN(self.obj.delete_container_dn,
- self.api.env.basedn))):
- # We are going to permanent delete or the user is already in the delete container.
- # So we issue a true DEL on that entry
+ # We are going to permanent delete or the user is already in the delete container.
+ delete_container = DN(self.obj.delete_container_dn, self.api.env.basedn)
+ user_from_delete_container = dn.endswith(delete_container)
+
+ if not options.get('preserve', True) or user_from_delete_container:
+ # Remove any ID overrides tied with this user
+ remove_ipaobject_overrides(self.obj.backend, self.obj.api, dn)
+
+ # Issue a true DEL on that entry
 return super(user_del, self).execute(*keys, **options)
 # The user to delete is active and there is no 'no_preserve' option |
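Review bot: In `user_del.execute`, `remove_ipaobject_overrides(self.obj.backend, self.obj.api, dn)` runs before `super(user_del, self).execute(*keys, **options)`, so if the delete is then rejected (for example by an access-control denial or a pre-delete check, neither of which is visible in this hunk) the user entry survives while its ID overrides are already gone. Since an ID override can change attributes such as the uid, gid, login shell or SSH keys that a host sees for the user, a failed user-del would silently change the identity applied under the affected ID views. Consider deleting first and cleaning up afterwards: `result = super(user_del, self).execute(*keys, **options)`, then `remove_ipaobject_overrides(self.obj.backend, self.obj.api, dn)`, then `return result`. The helper's body is not shown in this diff, so confirm it does not need the user entry to still exist, and that a failure inside it is reported rather than swallowed. The method starts and ends outside the hunk.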