Bug 819010 - With ldap enabled instance of SAM / Katello remove user has no value
With ldap enabled instance of SAM / Katello remove user has no value
Status: CLOSED NOTABUG
Product: Subscription Asset Manager
Classification: Red Hat
Component: katello (Show other bugs)
1.0.0
Unspecified Unspecified
unspecified Severity medium
: rc
: ---
Assigned To: Bryan Kearney
SAM QE List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-04 11:04 EDT by Eric Sammons
Modified: 2012-08-02 08:50 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-05-07 15:29:14 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eric Sammons 2012-05-04 11:04:24 EDT
Description of problem:
When working in a ldap enabled instance of sam or katello the remove user option has no meaningful value as a user removed can easily login again and (re)acquire all unmodified permissions (s)he previously had.

Version-Release number of selected component (if applicable):
katello-headpin-all-0.2.6-1.el6_2.noarch

Steps to Reproduce:
1. Configure ldap instance
2. login with admin
3. navigate to Administrator / Users
4. Select a user
5. Remove User
6. Logout
7. Login as deleted user
  
Actual results:
Login is successful and user is back in business.

Expected results:
With ldap, either allow r/w access to the ldap to admin users (not necessarily a good idea), or flag a user in the database as disabled (v. delete), or remove the remove user capability all together when warden = ldap.

Additional info:
Comment 1 Jordan OMara 2012-05-07 15:10:52 EDT
See comment in: https://bugzilla.redhat.com/show_bug.cgi?id=819002. Remove user allows you to remove all of the details pre-set about an LDAP user. 

However, please note that when an LDAP user logs back in, if their user is destroyed via remove_user it will be recreated (with default values)

Note You need to log in before you can comment on or make changes to this bug.