When removing an user via CLI (ipa user-del) or Web UI and the user has associated ID Overrides, then these overrides are not removed from under cn=<view>,cn=views,cn=accounts,<dc-domain>.
As a consequence browsing/searching ID overrides breaks until the entries are manually deleted.
Reproduce like this:
ipa idview-add empty ipa idview-add notempty ipa user-add break-id-override --first=first --last=last ipa idoverrideuser-add notempty break-id-override --uid=1234 ipa user-del break-id-override ipa idoverrideuser-find empty --------------------------- 0 User ID overrides matched --------------------------- ---------------------------- Number of entries returned 0 ---------------------------- ipa idoverrideuser-find notempty ipa: ERROR: no such entry
The last command is expected to show similar output to the second last instead of failing.
While not tested, the same problem likely manifests on groups and group overrides.
master:
ipa-4-1:
Metadata Update from @clauluck: - Issue assigned to tbabej - Issue set to the milestone: FreeIPA 4.1.5
Login to comment on this ticket.