From: Michael Tremer
Date: Wed, 28 Jun 2023 12:05:50 +0000 (+0000)
Subject: accounts: Actually delete users from LDAP
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1118f2b1cccacea60c7f0721c35ccbcbac86b74d;p=ipfire.org.git
accounts: Actually delete users from LDAP
Signed-off-by: Michael Tremer
---
diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 9834c219..74dea723 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -164,6 +164,15 @@ class LDAPObject(Object):
 def _delete_string(self, key, value):
 return self._delete_strings(key, [value,])
+ def _delete_dn(self, dn):
+ logging.debug("Deleting %s" % dn)
+
+ # Authenticate before performing any delete operations
+ self.accounts._authenticate()
+
+ # Run delete operation
+ self.ldap.delete_s(dn)
+
 @property
 def objectclasses(self):
 return self._get_strings("objectClass")
@@ -699,6 +708,10 @@ class Account(LDAPObject):
 # Delete cached attributes
 self.memcache.delete("accounts:%s:attrs" % self.dn)
+ @property
+ def kerberos_principal_dn(self):
+ return "krbPrincipalName=%s@IPFIRE.ORG,cn=IPFIRE.ORG,cn=krb5,dc=ipfire,dc=org" % self.uid
+
 @lazy_property
 def kerberos_attributes(self):
 res = self.backend.accounts._query(
@@ -874,6 +887,8 @@ class Account(LDAPObject):
 if not self.can_be_deleted_by(user):
 raise RuntimeError("Cannot delete user %s" % self)
+ logging.info("Deleting user %s" % self)
+
 async with asyncio.TaskGroup() as tasks:
 t = datetime.datetime.now()
@@ -884,7 +899,8 @@ class Account(LDAPObject):
 # XXX Delete on Discourse
- # XXX Delete on LDAP
+ # Delete on LDAP
+ self._delete()
 def can_be_deleted_by(self, user):
 """
@@ -901,6 +917,16 @@ class Account(LDAPObject):
 # Looks okay
 return True
+ def _delete(self):
+ """
+ Deletes this object from LDAP
+ """
+ # Delete the Kerberos Principal
+ self._delete_dn(self.kerberos_principal_dn)
+
+ # Delete this object
+ self._delete_dn(self.dn)
+
 # Nickname
 def get_nickname(self):
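Review bot: `_delete_dn` in `LDAPObject` has no docstring, and it is now the one place that issues an irreversible `delete_s`, so its contract should be written down, for example `"""Deletes the entry at dn from LDAP; the caller is responsible for authorisation"""`. The method itself performs no permission check; in this diff only `delete()` guards it with `can_be_deleted_by`. The log call formats eagerly with `%`; `logging.debug("Deleting %s", dn)` defers formatting until the record is emitted, and the same applies to the `logging.info` line added in `delete()`. A destructive operation logged only at debug level will normally be missing from production logs, so `logging.info` is the safer level here.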
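Review bot: `kerberos_principal_dn` interpolates `self.uid` into a DN without escaping, and the resulting string is now handed straight to a delete operation. If a uid could ever contain DN metacharacters such as `,`, `+` or `=`, the string would name a different entry than the one intended; `ldap.dn.escape_dn_chars(self.uid)` from python-ldap removes that dependency on whatever validation happens at registration, which is not visible in this diff. The realm `IPFIRE.ORG` and the base are hard-coded in the literal, the realm twice; a module-level constant would keep them in step with the rest of the Kerberos configuration.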
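Review bot: The `logging.info` line added to `delete()` records which account is removed but not who requested it, although `user` is in scope from the `can_be_deleted_by(user)` check directly above. For an irreversible action the audit record should name the actor: `logging.info("Deleting user %s (requested by %s)", self, user)`. The refusal branch above raises `RuntimeError` without logging, so a denied attempt leaves no trace in this function; whether a caller logs it is outside the hunk.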
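Review bot: Nothing visible after `self._delete()` in `delete()` clears cached state for the account. An earlier hunk shows attributes stored in memcache under `accounts:%s:attrs`, so a deleted account may keep resolving from the cache until that entry expires, unless the part of `delete()` outside this hunk handles it; `self.memcache.delete("accounts:%s:attrs" % self.dn)` after the LDAP delete would close the gap. The call is also synchronous inside a coroutine, so the event loop is blocked for two LDAP round trips; `await asyncio.to_thread(self._delete)` avoids that, provided the LDAP connection is safe to use from a worker thread, which needs confirming. Indentation is lost on this page, so whether the call sits inside the `TaskGroup` block cannot be checked here.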
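Review bot: `_delete()` removes the Kerberos principal first and the account entry second with no error handling between them, so an account that has no principal entry is never deleted. `delete_s` raises `ldap.NO_SUCH_OBJECT` for a missing DN and the second `_delete_dn` call is not reached. Wrapping only the first call in `try:` / `except ldap.NO_SUCH_OBJECT:` and logging the miss lets the account deletion proceed. The reverse failure deserves an error-level log line too: if the principal is removed and the account delete then fails, the entry survives without its principal and nothing reports it. This assumes the client is python-ldap, which the `delete_s` name suggests; the import is not visible in the diff.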