This patch fixes a regression which was caused by incorrect refactoring of user-del command in commit c6299a8cfde7d4e4bb9a50e3cf6406667cee0a6f

While the `remove_ipaobject_overrides` function was originally called in the execute method, this patch puts it into the pre-callback because:

1.) it is called in pre-callback of group-del
2.) by putting it into pre-callback the overrides are removed for each entry when multiple primary keys are specified (maybe it would be good to have a test case for this?) 3.) since LDAPDelete does not return any entry attributes (it is a delete after all), it is not possible to put it into post-callback without hacking either the function itself or LDAPDelete class
4.) due to this design you have to call it before execution anyway

Martin^3 Babinsky
From 701791a439656db6f58e5dd797fae864cdc0dff8 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <>
Date: Tue, 13 Oct 2015 12:31:13 +0200
Subject: [PATCH] remove ID overrides when deleting a user

patch fixes a regression introduced during user-del refactoring
 ipalib/plugins/ | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ipalib/plugins/ b/ipalib/plugins/
index e7f128a331f23ff109107f78456cf0b7f840f82b..848836cd15add707f002b032e31c54d520472bb7 100644
--- a/ipalib/plugins/
+++ b/ipalib/plugins/
@@ -688,6 +688,12 @@ class user_del(baseuser_del):
+        # Remove any ID overrides tied with this user
+        try:
+            remove_ipaobject_overrides(self.obj.backend, self.obj.api, dn)
+        except errors.NotFound:
+            self.obj.handle_not_found(*keys)
         return dn
     def execute(self, *keys, **options):

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA:

Reply via email to