This patch fixes a regression which was caused by incorrect refactoring
of user-del command in commit c6299a8cfde7d4e4bb9a50e3cf6406667cee0a6f
While the `remove_ipaobject_overrides` function was originally called in
the execute method, this patch puts it into the pre-callback because:
1.) it is called in pre-callback of group-del
2.) by putting it into pre-callback the overrides are removed for each
entry when multiple primary keys are specified (maybe it would be good
to have a test case for this?)
3.) since LDAPDelete does not return any entry attributes (it is a
delete after all), it is not possible to put it into post-callback
without hacking either the function itself or LDAPDelete class
4.) due to this design you have to call it before execution anyway
https://fedorahosted.org/freeipa/ticket/5365
--
Martin^3 Babinsky
From 701791a439656db6f58e5dd797fae864cdc0dff8 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Tue, 13 Oct 2015 12:31:13 +0200
Subject: [PATCH] remove ID overrides when deleting a user
patch fixes a regression introduced during user-del refactoring
https://fedorahosted.org/freeipa/ticket/5365
---
ipalib/plugins/user.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index e7f128a331f23ff109107f78456cf0b7f840f82b..848836cd15add707f002b032e31c54d520472bb7 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -688,6 +688,12 @@ class user_del(baseuser_del):
else:
self.api.Command.otptoken_del(token)
+ # Remove any ID overrides tied with this user
+ try:
+ remove_ipaobject_overrides(self.obj.backend, self.obj.api, dn)
+ except errors.NotFound:
+ self.obj.handle_not_found(*keys)
+
return dn
def execute(self, *keys, **options):
--
2.4.3
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
