On Fri, 22 Jan 2010 10:50:59 -0500
Dmitri Pal <dpal(a)redhat.com> wrote:
> I generally agree with Simo but I think that user or group should
> never be deleted but rather marked as deleted.
> This way in special cases like when entry is expired but user is
> logged in, SSSD would still be able to use user information ignoring the
> fact that the entry is marked as deleted.

What would be the utility of marking an entry as deleted?
If you don't want to delete it just don't.
If you read my follow-up, one of the conditions to remove an entry is
that it is not referenced by the user entry of a logged in user.
Simo.
--
Simo Sorce * Red Hat, Inc * New York