Description of problem:
After replicating a user from 389DS to AD, if I want the user to be deleted
from AD, to avoid the user log in AD, is not sufficient to remove the
attributes related to replication in the user; I must delete manually from AD.
It would be useful if the user would be deleted from AD when the attributes
related to replication are removed, of even best, if an additional attribute is
set to a given value (ntSync: active, inactive).
This would be wrong, because if the user is deleted from AD, and then
re-enabled the replication in 389DS, the password must be set again to be
replicated. An alternate way of avoiding this, is to disable the user account
in AD if the user is not yet configured to be replicated, although this would
not work with groups.
How reproducible / Steps to Reproduce / Actual results / Expected results:
1. Create a user with attributes to be replicated in AD
2. Wait to the user be replicated to AD
3. Remove the NT attributes related to replication
I would expect the user to be deleted from AD, as the user is not yet
configured to be replicated, but the user still exists in AD.
batch update moving tickets to future
set default ticket origin to Community
Added initial screened field value.
Metadata Update from @rmeggins:
- Issue set to the milestone: FUTURE
Metadata Update from @vashirov:
- Custom field reviewstatus adjusted to None (was: Needs Review)
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.