From 1118f2b1cccacea60c7f0721c35ccbcbac86b74d Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Wed, 28 Jun 2023 12:05:50 +0000
Subject: [PATCH] accounts: Actually delete users from LDAP

Signed-off-by: Michael Tremer
---
 src/backend/accounts.py | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 9834c219..74dea723 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -164,6 +164,15 @@ class LDAPObject(Object):
 def _delete_string(self, key, value):
 return self._delete_strings(key, [value,])
 
+ def _delete_dn(self, dn):
+ logging.debug("Deleting %s" % dn)
+
+ # Authenticate before performing any delete operations
+ self.accounts._authenticate()
+
+ # Run delete operation
+ self.ldap.delete_s(dn)
+
 @property
 def objectclasses(self):
 return self._get_strings("objectClass")
@@ -699,6 +708,10 @@ class Account(LDAPObject):
 # Delete cached attributes
 self.memcache.delete("accounts:%s:attrs" % self.dn)
 
+ @property
+ def kerberos_principal_dn(self):
+ return "krbPrincipalName=%s@IPFIRE.ORG,cn=IPFIRE.ORG,cn=krb5,dc=ipfire,dc=org" % self.uid
+
 @lazy_property
 def kerberos_attributes(self):
 res = self.backend.accounts._query(
@@ -874,6 +887,8 @@ class Account(LDAPObject):
 if not self.can_be_deleted_by(user):
 raise RuntimeError("Cannot delete user %s" % self)
 
+ logging.info("Deleting user %s" % self)
+
 async with asyncio.TaskGroup() as tasks:
 t = datetime.datetime.now()
 
@@ -884,7 +899,8 @@ class Account(LDAPObject):
 
 # XXX Delete on Discourse
 
- # XXX Delete on LDAP
+ # Delete on LDAP
+ self._delete()
 
 def can_be_deleted_by(self, user):
 """
@@ -901,6 +917,16 @@ class Account(LDAPObject):
 # Looks okay
 return True
 
+ def _delete(self):
+ """
+ Deletes this object from LDAP
+ """
+ # Delete the Kerberos Principal
+ self._delete_dn(self.kerberos_principal_dn)
+
+ # Delete this object
+ self._delete_dn(self.dn)
+
 # Nickname
 
 def get_nickname(self):
-- 
2.47.3
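Review bot: `_delete_dn` has no docstring and removes whatever DN it is handed once the privileged bind from `_authenticate()` is in place, so every authorization decision rests with the caller. The only check visible in this patch is `can_be_deleted_by` in `Account.delete`, and because the helper lives on `LDAPObject`, other subclasses inherit it as well. I would add a docstring along the lines of `"""Deletes the entry at dn from LDAP; callers must have authorized the deletion beforehand."""`. An irreversible directory delete is also worth recording above debug level, with lazy formatting: `logging.info("Deleting %s", dn)`.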
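Review bot: `kerberos_principal_dn` interpolates `self.uid` into the RDN value unescaped, and this patch then passes the resulting string to a delete operation. If a uid ever contains a DN metacharacter such as `,`, `+` or `=`, the string would name a different entry than intended. Escaping at the point of construction removes the dependency on uid validation elsewhere: `% ldap.dn.escape_dn_chars(self.uid)` in place of `% self.uid`, assuming python-ldap's `ldap.dn` is importable in this module. The realm and base DN are also hard-coded here; `kerberos_attributes` directly below appears to query the directory for the principal (its body is outside the hunk), so taking the DN from that result may be more robust.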
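Review bot: The new info line records which account is deleted but not who requested it, although `user` is in scope (it is passed to `can_be_deleted_by` two lines above). For an audit trail of account deletions the actor matters as much as the target. I would write `logging.info("Deleting user %s (requested by %s)", self, user)`, which also defers formatting to the logging module. The enclosing `delete()` starts before this hunk, so the exact representation of `user` is not visible here.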
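Review bot: `self._delete()` performs two synchronous `delete_s` round trips from inside a coroutine, so the event loop is blocked while the directory server answers. The `async with asyncio.TaskGroup()` in the previous hunk shows that `delete()` is async. Indentation is lost in this rendering, so whether the call sits inside the task group cannot be determined here. One option is `await asyncio.to_thread(self._delete)`, provided the shared LDAP connection may be used from a worker thread, which needs confirming. The call is also the last step, so if it raises, whatever cleanup ran earlier in `delete()` (outside the hunk) has already happened and the account remains in LDAP.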
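Review bot: `_delete` removes the Kerberos principal first and lets any failure propagate. An account with no principal entry would make `delete_s` raise, and the account object itself would never be removed, even though `delete()` has already logged the deletion and run its earlier steps. A missing principal should be tolerated, as sketched below; this assumes the module uses python-ldap and has `ldap` in scope. Separately, the cached `accounts:%s:attrs` entry seen in the second hunk's context is not dropped here, so stale attributes may outlive the entry unless `delete()` clears them outside the visible lines.

```python
    def _delete(self):
        # … unchanged: docstring …
        # A missing principal must not block removal of the account itself
        try:
            self._delete_dn(self.kerberos_principal_dn)
        except ldap.NO_SUCH_OBJECT:
            logging.debug("No Kerberos principal found for %s", self)

        # … unchanged: delete this object …
```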