#3300 Option to remove AD synced users on winsync agreement deletion
Closed: wontfix 24 days ago by rcritten. Opened 6 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=886127 (Red Hat Enterprise Linux 6)

Description of problem:
AD users do not get deleted from IPA server after winsync agreement is deleted.
An option to remove AD synced users while deleting the agreement can help
admins maintain only IPA users after the winsync is no longer needed.


Version-Release number of selected component (if applicable):
ipa-server-3.0.0-11.el6.x86_64

How reproducible:
always


Steps to Reproduce:
1. Setup IPA winsync agreement with AD
2. Check users from AD are synced to IPA server
3. Delete the winsync agreement

Actual results:
AD synced users still exist on IPA server after deletion of winsync agreement


Expected results:
AD synced users should also be deleted

Additional info:

    aduser is a user synced from AD using IPA winsync

    [root@rasalghul ~]# ipa user-mod aduser --phone=22-33-44
    ----------------------
    Modified user "aduser"
    ----------------------
      User login: aduser
      First name: aduser
      Last name: ads
      Home directory: /home/aduser
      Login shell: /bin/sh
      UID: 1805200011
      GID: 1805200011
      Telephone Number: 22-33-44
      Account disabled: False
      Password: True
      Kerberos keys available: True


    Deleting sync agreement

    [root@rasalghul ~]# ipa-replica-manage del  squab.adrelm.com
    Skipping calculation to determine if one or more masters would be orphaned.
    Deleting replication agreements between squab.adrelm.com and rasalghul.testrelm.com
    Forcing removal on 'rasalghul.testrelm.com'
    Deleted replication agreement from 'rasalghul.testrelm.com' to 'squab.adrelm.com'
    Failed to cleanup squab.adrelm.com DNS entries: SRV record does not contain '0 100 389 squab'
    You may need to manually remove them from the tree


    aduser is still available

    [root@rasalghul ~]# ipa user-show aduser
      User login: aduser
      First name: aduser
      Last name: ads
      Home directory: /home/aduser
      Login shell: /bin/sh
      UID: 1805200011
      GID: 1805200011
      Telephone Number: 22-33-44
      Account disabled: False
      Password: True
      Kerberos keys available: True

We need to provide a procedure of how to do it.

Metadata Update from @dpal:
- Issue assigned to rcritten
- Issue set to the milestone: Future Releases

2 years ago

Thank you for taking the time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

24 days ago
