User life cycle: support of user-undel

add user plugin commands : user-undel user-undel: moves a user from delete container to the active container https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: David Kupka <dkupka@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-05-08 18:58:57 +02:00 · 2015-05-08 18:58:57 +02:00 · 0b644ebc96
commit 0b644ebc96
parent 2744326147
2 changed files with 53 additions and 1 deletions
--- a/API.txt
+++ b/API.txt
@ -4697,6 +4697,13 @@ output: Output('count', <type 'int'>, None)
 output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: user_undel
 args: 1,1,3
 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True)
 option: Str('version?', exclude='webui')
 output: Output('result', <type 'bool'>, None)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: user_unlock
 args: 1,1,3
 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True)
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@ -614,7 +614,7 @@ class user_del(baseuser_del):
                raise
            # start to move the entry to Delete container
-            self._exc_wrapper(keys, options, ldap.update_entry_rdn)(active_dn, new_rdn=active_dn[0], new_superior=superior_dn, del_old=True)
+            self._exc_wrapper(keys, options, ldap.move_entry)(active_dn, delete_dn, del_old=True)
            # Then clear the credential attributes
            attrs_to_clear = ['krbPrincipalKey', 'krbLastPwdChange', 'krbPasswordExpiration', 'userPassword']
@ -738,6 +738,51 @@ class user_show(baseuser_show):
        self.post_common_callback(ldap, dn, entry_attrs, **options)
        return dn
@register()
 class user_undel(LDAPQuery):
    __doc__ = _('Undelete a delete user account.')
    has_output = output.standard_value
    msg_summary = _('Undeleted user account "%(value)s"')
    def execute(self, *keys, **options):
        ldap = self.obj.backend
        # First check that the user exists and is a delete one
        delete_dn = self.obj.get_dn(*keys, **options)
        if delete_dn.endswith(DN(self.obj.active_container_dn, api.env.basedn)):
            raise errors.ValidationError(
                        name=self.obj.primary_key.cli_name,
                        error=_('User %r is already active') % keys[-1][0])
        try:
            entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(delete_dn)
        except errors.NotFound:
            raise errors.ValidationError(
                        name=self.obj.primary_key.cli_name,
                        error=_('User %r not found') % keys[-1][0])
        active_dn = DN(delete_dn[0], self.obj.active_container_dn, api.env.basedn)
        # start to move the entry to the Active container
        self._exc_wrapper(keys, options, ldap.move_entry)(delete_dn, active_dn, del_old=True)
        # add the user we just undelete into the default primary group
        config = ldap.get_ipa_config()
        def_primary_group = config.get('ipadefaultprimarygroup')
        group_dn = self.api.Object['group'].get_dn(def_primary_group)
        # if the user is already a member of default primary group,
        # do not raise error
        # this can happen if automember rule or default group is set
        try:
            ldap.add_entry_to_group(active_dn, group_dn)
        except errors.AlreadyGroupMember:
            pass
        return dict(
            result=True,
            value=pkey_to_value(keys[0], options),
        )
@register()
 class user_disable(LDAPQuery):