On 08/19/2015 06:28 PM, Martin Babinsky wrote:
On 08/19/2015 02:54 PM, Martin Babinsky wrote:
this patch prevents https://fedorahosted.org/freeipa/ticket/5234 from
happening.



Actually, we (myself, mbasti, jcholast) found out that `user-del --preserve` could use some more usability improvements.

This quick patch should fix both https://fedorahosted.org/freeipa/ticket/5234 and https://fedorahosted.org/freeipa/ticket/5236 and make user preservation operate on multiple arguments in a same way as plain deletion.



Hi Martin,

This is curious it is looking like in my test the fix does not prevent the deletion:

   [root@vm-141 freeipa]# ipa user-del ttest1 --preserve
   ---------------------
   Deleted user "ttest1"
   ---------------------
   [root@vm-141 freeipa]# ipa user-del ttest1 --preserve
   ---------------------
   Deleted user "ttest1"
   ---------------------
   [root@vm-141 freeipa]# ipa user-find ttest1 --preserve=true
   ---------------
   0 users matched
   ---------------
   ----------------------------
   Number of entries returned 0
   ----------------------------


   [20/Aug/2015:11:00:33 +0200] conn=124 op=9 MODRDN
   
dn="uid=ttest1,cn=users,cn=accounts,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
   newrdn="uid=ttest1" newsuperior="cn=deleted
   
users,cn=accounts,cn=provisioning,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
   [20/Aug/2015:11:00:33 +0200] conn=124 op=9 RESULT err=0 tag=109
   nentries=0 etime=0
   ...
   [20/Aug/2015:11:00:44 +0200] conn=125 op=14 SRCH
   base="uid=ttest1,cn=deleted
   
users,cn=accounts,cn=provisioning,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
   scope=0 filter="(objectClass=*)" attrs="distinguishedName"
   [20/Aug/2015:11:00:44 +0200] conn=125 op=14 RESULT err=0 tag=101
   nentries=1 etime=0
   [20/Aug/2015:11:00:44 +0200] conn=125 op=15 DEL
   dn="uid=ttest1,cn=deleted
   
users,cn=accounts,cn=provisioning,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
   [20/Aug/2015:11:00:44 +0200] conn=125 op=15 RESULT *err=0* tag=107
   nentries=0 etime=0
   ...
   [20/Aug/2015:11:00:57 +0200] conn=126 op=5 SRCH base="cn=deleted
   
users,cn=accounts,cn=provisioning,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com"
   scope=1
   
filter="(&(|(telephoneNumber=*ttest1*)(uid=*ttest1*)(title=*ttest1*)(sn=*ttest1*)(ou=*ttest1*)(givenName=*ttest1*))(objectClass=posixaccount))"
   attrs="telephoneNumber sshpubkeyfp uid title loginShell uidNumber
   gidNumber sn homeDirectory mail givenName nsAccountLock"
   [20/Aug/2015:11:00:57 +0200] conn=126 op=5 RESULT err=0 tag=101
   *nentries=0* etime=0



-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to