this patch prevents https://fedorahosted.org/freeipa/ticket/5234 from
happening.
--
Martin^3 Babinsky
From a01ceb4906cb35141c664ba94c088f4e29209b68 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <[email protected]>
Date: Wed, 19 Aug 2015 14:43:14 +0200
Subject: [PATCH] raise an error when trying to preserve an already preserved
user
this also fixes a case when a user is permanently deleted when `ipa user-del
--preserve` is accidentally called multiple times on the same uid.
https://fedorahosted.org/freeipa/ticket/5234
---
ipalib/plugins/user.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 1d6073b4240d963e2b047c20fe5b8be702ef3184..1659830d77c822887ea7e6d0f293db02bffb3250 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -639,12 +639,16 @@ class user_del(baseuser_del):
delete_container = DN(self.obj.delete_container_dn, self.api.env.basedn)
user_from_delete_container = dn.endswith(delete_container)
- if not options.get('preserve', True) or user_from_delete_container:
+ if not options.get('preserve', False):
# Remove any ID overrides tied with this user
remove_ipaobject_overrides(self.obj.backend, self.obj.api, dn)
# Issue a true DEL on that entry
return super(user_del, self).execute(*keys, **options)
+ elif user_from_delete_container:
+ raise errors.ExecutionError(
+ _('One or more users are already preserved')
+ )
# The user to delete is active and there is no 'no_preserve' option
if options.get('preserve', False):
--
2.4.3
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
