[Freeipa-users] deleting ipa user

[Tomas Babej]

On 04/30/2015 02:31 PM, Andy Thompson wrote:
>>> It appears that f82 is the user object and f87 is the group object.  So you are
>> right, I don't think f82 is what we were looking for, it just happened to have
>> the username in it when I grepped without filtering the uniqueid.  I'm not
>> sure why it was having problems with the user group object, but I don't have
>> individual group objects showing up for any local accounts I've created.
>> You are right. I think the private group of a user is/should be deleted at the
>> same time when you delete a user.
> Is it normal that private groups do not show up in the user group listing or with ipa group-find commands?  I thought I remembered seeing them on a freeipa 3 installation but I've checked a couple 4 installs and they don't show up.

User private groups should not show up in the results of ipa group-* 
commands. I'm not sure what you meant by "user group listing",
but they should show up when running the "id" command.

>
> I just had a random issue a little bit ago with another account when I checked the user groups in the web interface it popped with an unknown error dialog.  I have not been able to reproduce it again and don't see anything in the error logs or access log which would indicate any problems.
>
>>> All that being said, I put 389-ds-base-1.3.3.1-16.el7_1.x86_64 on the box
>> yesterday and the error has not shown since.  So I'm not sure if it was
>> because of the minor upgrade or cycling the daemon.
>> The logs gave a lot of information but without a test case it could be difficult
>> to identify the RC.
>> Now as I mentioned I hit (with a non systematic test case) an other bug when
>> deleting a user. It was impossible to remove the entry/group. In this bug I
>> tested on standalone instance but on replicated topology I wonder if it could
>> have the same symptom.
>>
> I've not been able to reproduce the issue in my sandbox environment so I'm not sure.  It is also replicated.
>
> -andy
>