When deleting a group/hostgroup, the corresponding automember rule should be deleted automatically. Currently that's not the case. See the following example:
Add a group:
# ipa group-add --desc="Developers" devel ------------------- Added group "devel" ------------------- Group name: devel Description: Developers GID: 347000011
Add an automember rule for the group:
# ipa automember-add --type=group devel ----------------------------- Added automember rule "devel" ----------------------------- Automember Rule: devel
Delete the group:
# ipa group-del devel --------------------- Deleted group "devel" ---------------------
The automember rule for the group still exists:
# ipa automember-find --type=group --------------- 1 rules matched --------------- Automember Rule: devel ---------------------------- Number of entries returned 1 ----------------------------
Does it cause any failures when a user is added or the rule just ignored? If it is just ignored I would say that it is Ok to leave as is.
I tried adding a rule condition, there is no error when adding a user matching the condition, so the rule is ignored when the group is missing. When the group is added again, the rule will continue to function as before. Should we defer it to 3.x?
I think we should fix this eventually though it is not critical. This represents extra processing each time a user or host entry is added or updated.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=788654
Metadata Update from @edewata: - Issue assigned to rcritten - Issue set to the milestone: Ticket Backlog
This was addressed differently in https://pagure.io/freeipa/issue/6476 by providing a method of finding orphaned entries.
7f50751
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.