https://bugzilla.redhat.com/show_bug.cgi?id=886127 (Red Hat Enterprise Linux 6)
Description of problem: AD users do not get deleted from IPA server after winsync agreement is deleted. An option to remove AD synced users while deleting the agreement can help admins maintain only IPA users after the winsync is no longer needed. Version-Release number of selected component (if applicable): ipa-server-3.0.0-11.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Setup IPA winsync agreement with AD 2. Check users from AD are synced to IPA server 3. Delete the winsync agreement Actual results: AD synced users still exist on IPA server after deletion of winsync agreement Expected results: AD synced users should also be deleted Additional info: aduser is user synced from AD using IPA winsync [root@rasalghul ~]# ipa user-mod aduser --phone=22-33-44 ---------------------- Modified user "aduser" ---------------------- User login: aduser First name: aduser Last name: ads Home directory: /home/aduser Login shell: /bin/sh UID: 1805200011 GID: 1805200011 Telephone Number: 22-33-44 Account disabled: False Password: True Kerberos keys available: True Deleting sync agreement [root@rasalghul ~]# ipa-replica-manage del squab.adrelm.comSkipping calculation to determine if one or more masters would be orphaned. Deleting replication agreements between squab.adrelm.com and rasalghul.testrelm.com Forcing removal on 'rasalghul.testrelm.com' Deleted replication agreement from 'rasalghul.testrelm.com' to 'squab.adrelm.com' Failed to cleanup squab.adrelm.com DNS entries: SRV record does not contain '0 100 389 squab' You may need to manually remove them from the tree aduser is still available [root@rasalghul ~]# ipa user-show aduser User login: aduser First name: aduser Last name: ads Home directory: /home/aduser Login shell: /bin/sh UID: 1805200011 GID: 1805200011 Telephone Number: 22-33-44 Account disabled: False Password: True Kerberos keys available: True
We need to provide a procedure of how to do it.
Rename component.
Metadata Update from @dpal: - Issue assigned to rcritten - Issue set to the milestone: Future Releases
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.