Webtop: Deleted user still shows up in other users with sharing access

I created a user testuser and gave another user access to its inbox, calendar, contacts and tasks. Then I deleted this user, but its calendar, contact, task and cloud items are still displayed for the user having access. How to get rid of these entries and delete the data?

Hi @carsten,
I guess you deleted the user “testuser” on Nethservice directly on the provider account.
It is necessary to specify that deleting a user from the provider account does not perform any cleaning action towards the applications on which a profile had been activated with that user deleted.

For this reason, it is advisable to first delete the user with his webtop data, then AFTER delete the user from the provider account.
To do this you must access the webtop admin panel -> user list -> select the user to be deleted -> “Remove” button at the top -> Data only.
In case of shares, I suggest you first delete the shares then delete the profile from the webtop ;)

In your case, you can recreate the user “testuser” on the provider account in order to make the user appear also on the webtop and proceed with the removal of the profile as recommended.

BR

The mail data (maildir) gets removed by the nethserver trigger.
Is there no possibility for Webtop to subscribe to the user deletion event from Nethserver to do the cleanup?

No, data on linked applications is not affected by Nethserver events.
The same thing happens with Nextcloud to understand us better :wink:

I think that what you’re asking for has few pros, and some bad, bad cons, @carsten.
The first and bigger one that came to me is that at the user deletion, the login is no more allowed, but all the data related to the user (also messages) is still available on the server…

1 Like

I don’t think so, since in the case of Webtop the mail data IS automatically deleted from nethserver when the user is deleted, as I wrote in my comment above. Only some inconsistent references in webtop stay there. So, if mail data is deleted, the webtop trigger should also remove references to the deleted user and mail data.

To prevent a user from logging in, there is already a special task in the user manager to disable the user. Then the data is kept, but if you DELETE the user, I think everything should be deleted. It also is a security/privacy issue when I later (after months) add a user with the same name, which then inherits rights or data from the former one.

I am afraid you are missing that the contents of the mailbox that is deleted together with the user are not part of the webtop data.
For webtop mail it should be considered as an IMAP client.
So it is correct that Nethservice deletes its data when deleting the user but it is also equally correct that the data that is contained on the webtop database (calendars, address books, tasks, shares) is not deleted.
As I explained to you, the webtop data must be deleted on the webtop before deleting the user :wink:

I understand that there are missing nethserver event subscriptions to tidy everything up, and I suggest that Webtop should do this. This is the main philosophy and advantage of nethserver compared to the plain OS: You just change a certain configuration and all depending applications get updated.

Many applications have sync function with Samba/AD when it comes to user accounts. It looks like they have the same users as the accountprovider, but under the hood they sync the accountprovider accounts to their own user database. I know this is the case with Moodle. Is this the case with webtop too?

When I add a new user in Nethserver, it can login immediately into Webtop, so webtop acknowledges the adding of a user. So it should acknowledge its deletion.

Maybe it’s better to clarify what the current mechanism is :wink:

WebTop is automatically provisioned to be able to read the users present in the list of the provider account configured on Nethservice.
A new user created on Nethservice is shown in the list of WebTop users (on the admin panel -> Users), but until the first login is made this user is not yet present in the WebTop database; for WebTop it still does not exist, it is only a “potential” new user.
When the first login is made, a profile is generated on the database and from that moment he is also a WebTop user.

If you no longer want to have that profile present in the database, you must delete it from WebTop via the admin panel (as I have already specified).

We consider it incorrect, and even dangerous, to automatically remove all user profiles on the various application modules (WebTop, Nextcloud, …) when deleting a user from the provider account.
Furthermore, if the provider account was remote (AD Microsoft, other Nethservice, third-party LDAP server, …) it would NEVER be possible to have this automation.

I hope I have clarified the reasons for the current implementation better :slightly_smiling_face:

BR

3 Likes
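The lazy-provisioning mechanism described above, and the name-reuse concern raised earlier in the thread, can be checked with a periodic reconciliation between the account provider and the application's own profile store. The following is an added example, not WebTop or NethServer code: the `Profile` and `Share` records, the `provider_uid` field (an immutable provider ID assumed to be stored at first login) and all sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    username: str      # login name the application keys its data on
    provider_uid: str  # immutable provider ID recorded at first login (assumption)

@dataclass(frozen=True)
class Share:
    owner: str         # profile that owns the shared resource
    grantee: str       # profile that was given access
    resource: str

def reconcile(provider, profiles, shares):
    """Compare application profiles with the provider's current accounts.

    provider maps username -> current immutable ID in the account provider.
    """
    orphaned, reused = [], []
    for p in profiles:
        current = provider.get(p.username)
        if current is None:
            orphaned.append(p.username)   # account deleted, profile left behind
        elif current != p.provider_uid:
            reused.append(p.username)     # name re-created: new person, old data
    stale = set(orphaned) | set(reused)
    # Shares that still reference a stale profile on either side
    dangling = [s for s in shares if s.owner in stale or s.grantee in stale]
    return {"orphaned": sorted(orphaned), "reused": sorted(reused),
            "dangling_shares": dangling}

# Constructed sample data: testuser was deleted from the provider,
# alice was deleted and later re-created under the same name.
PROVIDER = {"carsten": "uid-1001", "alice": "uid-1007", "dora": "uid-1004"}
PROFILES = [Profile("carsten", "uid-1001"), Profile("testuser", "uid-1002"),
            Profile("alice", "uid-1003"), Profile("dora", "uid-1004")]
SHARES = [Share("testuser", "carsten", "calendar"),
          Share("carsten", "alice", "contacts"),
          Share("carsten", "dora", "tasks")]

if __name__ == "__main__":
    report = reconcile(PROVIDER, PROFILES, SHARES)
    for key, value in report.items():
        print(key, value)
```

Entries under `reused` are the case where a new account with an old name would inherit the former user's data and grants; they can only be detected if the application stores an identifier that survives renaming and re-creation.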

What is dangerous about deleting hanging references? In case of Webtop, the mail data is gone anyway. Deleting a user deletes all of the data. That should be no surprise.

There seems to be no trigger for adding and deleting users from the account provider, so you created the user “lazy”. By the same means the deleted users from the account provider could be deleted “lazy”.

Maybe it could be an option in nethserver to delete all the data or keep it, i.e. also to keep the mail data if the “Keep data option” is checked. Currently, the mail data will be deleted without choice.

@carsten

Even though I myself do not use Webtop at all, I must defend the logic behind their implementation, the same goes for Nextcloud, which I do use…

I do not think this is a good idea!

A lot of people here use say a Windows AD, or another Nethserver as AD or LDAP. Any kind of remote server such interactions would NOT be available.

And German data law is quite strict about what gets deleted when… :slight_smile:

And take into account the following scenario: The Account Provider has a bug. Needs to be repaired, simplest by deleting and recreating the user. Mail can be saved. But you’d also need to think about separately saving and reimporting all Webtop data.

My 2 cents
Andy

Yes, but in the sense of “do not keep too much data”. The EU/German data law says that no personal information must be held without need and without user consent. I.e. if a user wants to have its data deleted, it has to be deleted. Completely.

I still do not understand why you think it is dangerous to delete almost useless configuration data when ALL mails are already deleted. The real valuable data is the mail data, not the configuration.

@carsten

Some people (users) don’t care about the spam container we call mail or inbox, they never even look at it. But don’t touch their appointments or contacts!

I also had to deal with such users… :slight_smile:

Andy

So, why do you delete the user, when you want to keep its contacts?

To repair, e.g., the Account Provider, see post above…