Description of problem:

After replicating a user from 389DS to AD, if I want the user to be deleted from AD, to prevent the user from logging in to AD, it is not sufficient to remove the attributes related to replication from the user; I must delete the user manually from AD. It would be useful if the user were deleted from AD when the attributes related to replication are removed, or, even better, if an additional attribute is set to a given value (ntSync: active, inactive). This would be wrong, because if the user is deleted from AD, and replication is then re-enabled in 389DS, the password must be set again to be replicated. An alternate way of avoiding this is to disable the user account in AD if the user is not yet configured to be replicated, although this would not work with groups.

How reproducible / Steps to Reproduce / Actual results / Expected results:

1. Create a user with attributes to be replicated in AD
2. Wait for the user to be replicated to AD
3. Remove the NT attributes related to replication

I would expect the user to be deleted from AD, as the user is not yet configured to be replicated, but the user still exists in AD.
Upstream ticket: https://fedorahosted.org/389/ticket/7
Marking as screened because it has been cloned upstream.
Closing this bug since we moved to the ticket system: https://fedorahosted.org/389/ticket/7