This patch fixes a regression which was caused by incorrect refactoring of user-del command in commit c6299a8cfde7d4e4bb9a50e3cf6406667cee0a6f

While the `remove_ipaobject_overrides` function was originally called in the execute method, this patch puts it into the pre-callback because:


1.) it is called in pre-callback of group-del
2.) by putting it into pre-callback the overrides are removed for each entry when multiple primary keys are specified (maybe it would be good to have a test case for this?) 3.) since LDAPDelete does not return any entry attributes (it is a delete after all), it is not possible to put it into post-callback without hacking either the function itself or LDAPDelete class
4.) due to this design you have to call it before execution anyway


https://fedorahosted.org/freeipa/ticket/5365

--
Martin^3 Babinsky
From 701791a439656db6f58e5dd797fae864cdc0dff8 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Tue, 13 Oct 2015 12:31:13 +0200
Subject: [PATCH] remove ID overrides when deleting a user

patch fixes a regression introduced during user-del refactoring

https://fedorahosted.org/freeipa/ticket/5365
---
 ipalib/plugins/user.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index e7f128a331f23ff109107f78456cf0b7f840f82b..848836cd15add707f002b032e31c54d520472bb7 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -688,6 +688,12 @@ class user_del(baseuser_del):
                 else:
                     self.api.Command.otptoken_del(token)
 
+        # Remove any ID overrides tied with this user
+        try:
+            remove_ipaobject_overrides(self.obj.backend, self.obj.api, dn)
+        except errors.NotFound:
+            self.obj.handle_not_found(*keys)
+
         return dn
 
     def execute(self, *keys, **options):
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to