Red Hat Bugzilla – Bug 819010
With ldap enabled instance of SAM / Katello remove user has no value
Last modified: 2012-08-02 08:50:03 EDT
Description of problem:
When working in an LDAP-enabled instance of SAM or Katello, the remove user option has no meaningful value, as a removed user can easily log in again and (re)acquire all unmodified permissions (s)he previously had.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure ldap instance
2. login with admin
3. navigate to Administrator / Users
4. Select a user
5. Remove User
7. Login as deleted user
Login is successful and user is back in business.
With LDAP, either allow r/w access to the LDAP to admin users (not necessarily a good idea), or flag a user in the database as disabled (vs. delete), or remove the remove user capability altogether when warden = ldap.
See comment in: https://bugzilla.redhat.com/show_bug.cgi?id=819002. Remove user allows you to remove all of the details pre-set about an LDAP user.
However, please note that when an LDAP user logs back in, if their user is destroyed via remove_user, it will be recreated (with default values).
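
The recreate-on-login behaviour noted in the comment above, next to the "flag as disabled" option from the description, as an added example that is not Katello or SAM code. Every class and method name here is hypothetical, and `FakeDirectory` is a constructed stand-in for a read-only LDAP server.

```ruby
# Added illustration, not Katello/SAM code. All class and method names are
# hypothetical; FakeDirectory stands in for the LDAP server, which the
# application can only bind against (read-only).
class FakeDirectory
  def initialize(creds)
    @creds = creds
  end

  def bind?(login, password)
    @creds.key?(login) && @creds[login] == password
  end
end

LocalUser = Struct.new(:login, :roles, :disabled)

class UserStore
  DEFAULT_ROLES = ["default"].freeze

  def initialize(directory, soft_delete:)
    @directory = directory
    @soft_delete = soft_delete
    @users = {}
  end

  # Admin action. Hard delete drops the row; soft delete keeps a tombstone.
  def remove_user(login)
    if @soft_delete
      # Create the row if needed so a never-seen LDAP user can be blocked too.
      (@users[login] ||= LocalUser.new(login, [], false)).disabled = true
    else
      @users.delete(login)
    end
  end

  # A successful bind auto-creates a missing local row with default values,
  # which is what lets a hard-deleted user come straight back.
  def login(login, password)
    return :denied unless @directory.bind?(login, password)
    user = (@users[login] ||= LocalUser.new(login, DEFAULT_ROLES.dup, false))
    user.disabled ? :denied : user
  end
end

# Constructed sample account: log in, get extra rights, get removed, retry.
def login_after_removal(soft_delete)
  store = UserStore.new(FakeDirectory.new({ "alice" => "s3cret" }), soft_delete: soft_delete)
  store.login("alice", "s3cret").roles << "admin"
  store.remove_user("alice")
  store.login("alice", "s3cret")
end
```

With `soft_delete: false` the removed account logs in again as a fresh record with default roles; with `soft_delete: true` the tombstone row makes the same login return `:denied` even though the directory bind succeeds.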