fixes tickets:

https://fedorahosted.org/freeipa/ticket/5362
https://fedorahosted.org/freeipa/ticket/5372

Upon discussion with Simo we decided that OTP tokens should be orphaned/deleted also during the user preservation.

--
Martin^3 Babinsky
From 635754c3773b1db5550fe19ad6f0a84e84d36459 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Fri, 16 Oct 2015 19:16:46 +0200
Subject: [PATCH] execute user-del pre-callback also during user preservation

user preservation code was not using the pre-callback function which did check
whether a protected member is being deleted and facilitated the
orphaning/deletion of OTP tokens owned/managed by the user.

https://fedorahosted.org/freeipa/ticket/5362
https://fedorahosted.org/freeipa/ticket/5372
---
 ipalib/plugins/user.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index e3397f03d91377770efaeae3fbc710bfce668f13..31d7b1d6decadd5bf5d4cf148d15f4426fc77f49 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -618,6 +618,10 @@ class user_del(baseuser_del):
         except errors.NotFound:
             self.obj.handle_not_found(pkey)
 
+        for callback in self.get_callbacks('pre'):
+            dn = callback(self, ldap, dn, [pkey], **options)
+            assert isinstance(dn, DN)
+
         # start to move the entry to Delete container
         self._exc_wrapper(pkey, options, ldap.move_entry)(dn, delete_dn,
                                                           del_old=True)
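Review bot: The pre-callbacks run to completion before `ldap.move_entry` is attempted, so if the move fails, the side effects of the callbacks have already happened. According to the comments in the second hunk, those side effects include deleting or orphaning the user's OTP tokens, which would leave an active user without tokens. Consider whether the token cleanup can happen after a successful move, or document the ordering as intentional. Separately, `assert isinstance(dn, DN)` is skipped when Python runs with `-O`; if the type check is meant to hold in production, raise an explicit error instead. A short comment above the loop saying why the pre-callbacks are invoked by hand in the preservation path would also help the next reader.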
@@ -673,6 +677,9 @@ class user_del(baseuser_del):
 
         check_protected_member(keys[-1])
 
+        if dn.endswith(DN(self.obj.delete_container_dn, api.env.basedn)):
+            return dn
+
         # Delete all tokens owned and managed by this user.
         # Orphan all tokens owned but not managed by this user.
         owner = self.api.Object.user.get_primary_key_from_dn(dn)
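Review bot: The early `return dn` for entries under the delete container skips the token cleanup below with no comment explaining why it is safe. It relies on the tokens having been handled at preservation time, which is only true for users preserved after the first hunk of this patch is in place. A user preserved earlier and then permanently deleted would keep their owned and managed tokens. Please either run the cleanup in both cases or add a comment stating the assumption. As a style point, the condition uses the global `api.env.basedn` while the line just below uses `self.api.Object.user`; using `self.api` in both places would be consistent.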
-- 
2.4.3
