#5026 IPA Error 4001: NotFound when browsing ID View after user/group was deleted
Closed: Fixed None Opened 8 years ago by clauluck.

When removing an user via CLI (ipa user-del) or Web UI and the user has associated ID Overrides,
then these overrides are not removed from under cn=<view>,cn=views,cn=accounts,<dc-domain>.

As a consequence browsing/searching ID overrides breaks until the entries are manually deleted.

Reproduce like this:

ipa idview-add empty
ipa idview-add notempty
ipa user-add break-id-override --first=first --last=last
ipa idoverrideuser-add notempty break-id-override --uid=1234
ipa user-del break-id-override

ipa idoverrideuser-find empty
---------------------------
0 User ID overrides matched
---------------------------
----------------------------
Number of entries returned 0
----------------------------

ipa idoverrideuser-find notempty
ipa: ERROR: no such entry

The last command is expected to show similar output to the second last instead of failing.

While not tested, the same problem likely manifests on groups and group overrides.


master:

  • 77b64e6 idviews: Allow users specify the raw anchor directly as identifier

ipa-4-1:

  • 7e61317 idviews: Allow users specify the raw anchor directly as identifier

master:

  • e21dad4 idviews: Remove ID overrides for permanently removed users and groups

ipa-4-1:

  • 12f3da5 idviews: Remove ID overrides for permanently removed users and groups

Metadata Update from @clauluck:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 4.1.5

7 years ago

Login to comment on this ticket.

Metadata