https://bugzilla.redhat.com/show_bug.cgi?id=768933
Description of problem:
After replicating a user from 389DS to AD, if I want the user to be deleted from AD, to prevent the user from logging in to AD, it is not sufficient to remove the attributes related to replication from the user; I must delete the user manually from AD.

It would be useful if the user were deleted from AD when the attributes related to replication are removed, or even better, if an additional attribute is set to a given value (ntSync: active, inactive). This would be wrong, because if the user is deleted from AD, and replication is then re-enabled in 389DS, the password must be set again to be replicated. An alternate way of avoiding this is to disable the user account in AD if the user is not yet configured to be replicated, although this would not work with groups.

How reproducible / Steps to Reproduce / Actual results / Expected results:
1. Create a user with attributes to be replicated in AD
2. Wait for the user to be replicated to AD
3. Remove the NT attributes related to replication

I would expect the user to be deleted from AD, as the user is not yet configured to be replicated, but the user still exists in AD.
batch update moving tickets to future
set default ticket origin to Community
Added initial screened field value.
Metadata Update from @rmeggins: - Issue set to the milestone: FUTURE
Metadata Update from @vashirov: - Custom field reviewstatus adjusted to None (was: Needs Review) - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/7
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.