Bug 52202 - Feature Request: Introduce a "Recycle Bin" for user objects
Status: NEW
Product: UCS
Classification: Unclassified
Component: General
Version: UCS 4.4
Hardware: Other other
Importance: P5 normal
Assigned To: UCS maintainers
Reported: 2020-10-09 17:26 CEST by Michael Grandjean
Modified: 2020-10-12 09:41 CEST
What kind of report is it?: Feature Request


Description Michael Grandjean univentionstaff 2020-10-09 17:26:16 CEST
It would be great to have some kind of "Recycle Bin" functionality in UCS.

Scenario: I accidentally delete a user object via UMC or UDM. Instead of actually deleting it, the user object could be a) deactivated and b) moved to a dedicated "Recycle Bin"-tree in the LDAP tree (e.g. OU=recyclebin).
In this case the user could easily be "restored".

Moving a user to the recycle bin could be the default, but there has to be a checkbox/option to bypass the recycle bin, so we can still completely delete a user (just think "DEL" vs. "SHIFT+DEL" on your keyboard).

Variant: In UCS@school the userimport is usually configured to not directly delete users but to deactivate them now and delete them weeks later. Unfortunately, those deactivated users are still visible in all UCS@school modules, take part in the exam mode and are still present and available in external applications. By moving them to a special OU, they would disappear from most of these use cases.

Side effect: unique attributes of the user (username, SID, uidNumber ...) cannot be re-used by a new user as long as the "deleted" user exists in the recycle bin.

Possible obstacles:
- S4- and AD-Connector should probably not just move the user object in Samba/AD, but delete it there because AD has its own concepts for "Deleted objects".
- I thought about having a recycle bin for _all_ LDAP objects and not just for users, but I think there are too many special cases where this wouldn't be a good choice (e.g. objects in cn=temporary).