Bug 768933

Summary: Delete users/groups from AD after removing NT replication attributes from directory
Product: [Retired] 389 Reporter: Juan <okelet>
Component: Sync Service Assignee: Rich Megginson <rmeggins>
Status: CLOSED DEFERRED QA Contact: Chandrasekar Kannan <ckannan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.2.5 CC: nhosoi, okelet
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 19:24:55 UTC Type: ---

Description Juan 2011-12-19 13:08:23 UTC
Description of problem:

After replicating a user from 389DS to AD, if I want the user to be deleted from AD, to prevent the user from logging in to AD, it is not sufficient to remove the attributes related to replication from the user; I must delete the user manually from AD. It would be useful if the user were deleted from AD when the attributes related to replication are removed, or even better, if an additional attribute is set to a given value (ntSync: active, inactive).

This would be wrong, because if the user is deleted from AD, and replication is then re-enabled in 389DS, the password must be set again to be replicated. An alternative way of avoiding this is to disable the user account in AD if the user is no longer configured to be replicated, although this would not work with groups.


How reproducible / Steps to Reproduce / Actual results / Expected results:

1. Create a user with attributes to be replicated in AD
2. Wait for the user to be replicated to AD
3. Remove the NT attributes related to replication

I would expect the user to be deleted from AD, as the user is no longer configured to be replicated, but the user still exists in AD.

Comment 1 Martin Kosek 2012-01-04 13:05:41 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/7

Comment 2 Rich Megginson 2012-01-10 18:04:18 UTC
Marking as screened because it has been cloned upstream.

Comment 4 Noriko Hosoi 2015-11-19 19:24:55 UTC
Closing this bug since we moved to the ticket system:
https://fedorahosted.org/389/ticket/7