fixes tickets: https://fedorahosted.org/freeipa/ticket/5362 https://fedorahosted.org/freeipa/ticket/5372
Upon discussion with Simo we decided that OTP tokens should be orphaned/deleted also during the user preservation.
-- Martin^3 Babinsky
From 635754c3773b1db5550fe19ad6f0a84e84d36459 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Fri, 16 Oct 2015 19:16:46 +0200 Subject: [PATCH] execute user-del pre-callback also during user preservation user preservation code was not using the pre-callback function which did check whether a protected member is being deleted and facilitated the orphaning/deletion of OTP tokens owner/managed by the user. https://fedorahosted.org/freeipa/ticket/5362 https://fedorahosted.org/freeipa/ticket/5372 --- ipalib/plugins/user.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index e3397f03d91377770efaeae3fbc710bfce668f13..31d7b1d6decadd5bf5d4cf148d15f4426fc77f49 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -618,6 +618,10 @@ class user_del(baseuser_del): except errors.NotFound: self.obj.handle_not_found(pkey) + for callback in self.get_callbacks('pre'): + dn = callback(self, ldap, dn, [pkey], **options) + assert isinstance(dn, DN) + # start to move the entry to Delete container self._exc_wrapper(pkey, options, ldap.move_entry)(dn, delete_dn, del_old=True) @@ -673,6 +677,9 @@ class user_del(baseuser_del): check_protected_member(keys[-1]) + if dn.endswith(DN(self.obj.delete_container_dn, api.env.basedn)): + return dn + # Delete all tokens owned and managed by this user. # Orphan all tokens owned but not managed by this user. owner = self.api.Object.user.get_primary_key_from_dn(dn) -- 2.4.3
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code