During testing I ended up with two managed groups whose users had been removed. I have no idea how it got into this state but to remove these dangling groups right now you need to use ldapmodify. We could incorporate this logic into group-del by seeing if the managed user still exists and if not doing what needs to happen to delete the entry.
Add to documentation.
Not enough time to deal with it in 2.2. Moving to 3.1.
Simo had the idea of making a 'fsck' command for IPA where we could check for different kinds of instability, this one included.
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: Ticket Backlog
Can be done as part of healthcheck tool.
Metadata Update from @rcritten: - Issue close_status updated to: None
For private groups, the ipa group-detach command allows to detach the group and then remove it. For other managed groups, it's unclear how to get into this situation. Closing the issue, feel free to re-open if a reproducer is found.
ipa group-detach
Metadata Update from @frenaud: - Issue close_status updated to: insufficientinfo - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.