2022-04-27 13:22:11 +02:00
<!DOCTYPE HTML>
< html lang = "en" class = "sidebar-visible no-js light" >
< head >
<!-- Book generated using mdBook -->
< meta charset = "UTF-8" >
< title > The Recycle Bin - Kanidm Administration< / title >
<!-- Custom HTML head -->
< meta content = "text/html; charset=utf-8" http-equiv = "Content-Type" >
< meta name = "description" content = "" >
< meta name = "viewport" content = "width=device-width, initial-scale=1" >
< meta name = "theme-color" content = "#ffffff" / >
< link rel = "shortcut icon" href = "favicon.png" >
< link rel = "stylesheet" href = "css/variables.css" >
< link rel = "stylesheet" href = "css/general.css" >
< link rel = "stylesheet" href = "css/chrome.css" >
< link rel = "stylesheet" href = "css/print.css" media = "print" >
<!-- Fonts -->
< link rel = "stylesheet" href = "FontAwesome/css/font-awesome.css" >
< link rel = "stylesheet" href = "fonts/fonts.css" >
<!-- Highlight.js Stylesheets -->
< link rel = "stylesheet" href = "highlight.css" >
< link rel = "stylesheet" href = "tomorrow-night.css" >
< link rel = "stylesheet" href = "ayu-highlight.css" >
<!-- Custom theme stylesheets -->
< / head >
< body >
<!-- Provide site root to javascript -->
< script type = "text/javascript" >
var path_to_root = "";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "navy" : "light";
< / script >
<!-- Work around some values being stored in localStorage wrapped in quotes -->
< script type = "text/javascript" >
try {
var theme = localStorage.getItem('mdbook-theme');
var sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') & & theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') & & sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
< / script >
<!-- Set the theme before any content is loaded, prevents flash -->
< script type = "text/javascript" >
var theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
var html = document.querySelector('html');
html.classList.remove('no-js')
html.classList.remove('light')
html.classList.add(theme);
html.classList.add('js');
< / script >
<!-- Hide / unhide sidebar before it is displayed -->
< script type = "text/javascript" >
var html = document.querySelector('html');
var sidebar = 'hidden';
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
}
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
< / script >
< nav id = "sidebar" class = "sidebar" aria-label = "Table of contents" >
< div class = "sidebar-scrollbox" >
2022-10-07 11:23:12 +02:00
< ol class = "chapter" > < li class = "chapter-item expanded " > < a href = "intro.html" > < strong aria-hidden = "true" > 1.< / strong > Introduction to Kanidm< / a > < / li > < li class = "chapter-item expanded " > < a href = "glossary.html" > < strong aria-hidden = "true" > 2.< / strong > Glossary of Technical Terms< / a > < / li > < li class = "chapter-item expanded " > < a href = "installing_the_server.html" > < strong aria-hidden = "true" > 3.< / strong > Installing the Server< / a > < / li > < li > < ol class = "section" > < li class = "chapter-item expanded " > < a href = "choosing_a_domain_name.html" > < strong aria-hidden = "true" > 3.1.< / strong > Choosing a Domain Name< / a > < / li > < li class = "chapter-item expanded " > < a href = "server_configuration.html" > < strong aria-hidden = "true" > 3.2.< / strong > Server Configuration< / a > < / li > < li class = "chapter-item expanded " > < a href = "security_hardening.html" > < strong aria-hidden = "true" > 3.3.< / strong > Security Hardening< / a > < / li > < / ol > < / li > < li class = "chapter-item expanded " > < a href = "client_tools.html" > < strong aria-hidden = "true" > 4.< / strong > Client Tools< / a > < / li > < li > < ol class = "section" > < li class = "chapter-item expanded " > < a href = "installing_client_tools.html" > < strong aria-hidden = "true" > 4.1.< / strong > Installing client tools< / a > < / li > < / ol > < / li > < li class = "chapter-item expanded " > < a href = "accounts_and_groups.html" > < strong aria-hidden = "true" > 5.< / strong > Accounts and Groups< / a > < / li > < li class = "chapter-item expanded " > < a href = "administrivia.html" > < strong aria-hidden = "true" > 6.< / strong > Administrative Tasks< / a > < / li > < li > < ol class = "section" > < li class = "chapter-item expanded " > < a href = "monitoring.html" > < strong aria-hidden = "true" > 6.1.< / strong > Monitoring the platform< / a > < / li > < li class = "chapter-item expanded " > < a href = "password_quality.html" > < strong aria-hidden = "true" > 6.2.< / strong > Password Quality and Badlisting< / a > < / li > < li class = "chapter-item expanded " > < a href = "posix_accounts.html" > < strong aria-hidden = "true" > 6.3.< / strong > POSIX Accounts and Groups< / a > < / li > < li class = "chapter-item expanded " > < a href = "ssh_key_dist.html" > < strong aria-hidden = "true" > 6.4.< / strong > SSH Key Distribution< / a > < / li > < li class = "chapter-item expanded " > < a href = "recycle_bin.html" class = "active" > < strong aria-hidden = "true" > 6.5.< / strong > The Recycle Bin< / a > < / li > < li class = "chapter-item expanded " > < a href = "why_tls.html" > < strong aria-hidden = "true" > 6.6.< / strong > Why TLS?< / a > < / li > < / ol > < / li > < li class = "chapter-item expanded " > < a href = "frequently_asked_questions.html" > < strong aria-hidden = "true" > 7.< / strong > Frequently Asked Questions< / a > < / li > < li class = "chapter-item expanded " > < a href = "troubleshooting.html" > < strong aria-hidden = "true" > 8.< / strong > Troubleshooting< / a > < / li > < li class = "chapter-item expanded affix " > < li class = "part-title" > Integrations< / li > < li class = "chapter-item expanded " > < a href = "integrations/oauth2.html" > < strong aria-hidden = "true" > 9.< / strong > Oauth2< / a > < / li > < li class = "chapter-item expanded " > < a href = "integrations/pam_and_nsswitch.html" > < strong aria-hidden = "true" > 10.< / strong > PAM and nsswitch< / a > < / li > < li class = "chapter-item expanded " > < a href = "integrations/radius.html" > < strong aria-hidden = "true" > 11.< / strong > RADIUS< / a > < / li > < li class = "chapter-item expanded " > < a href = "integrations/ldap.html" > < strong aria-hidden = "true" > 12.< / strong > LDAP< / a > < / li > < li class = "chapter-item expanded affix " > < li class = "part-title" > Integration Examples< / li > < li class = "chapter-item expanded " > < a href = "examples/k8s_ingress_example.html" > < strong aria-hidden = "true" > 13.< / strong > Kubernetes Ingress< / a > < / li > < li class = "chapter-item expanded affix " > < li class = "part-title" > For Developers< / li > < li class = "chapter-item expanded " > < a href = "DEVELOPER_README.html" > < strong aria-hidden = "true" > 14.< / strong > Developer Guide< / a > < / li > < li class = "chapter-item expanded " > < div > < strong aria-hidden = "true" > 15.< / strong > Design Documents< / div > < / li > < li > < ol class = "section" > < li class = "chapter-item expanded " > < a href = "developers/designs/access_profiles_rework_2022.html" > < strong aria-hidden = "true" > 15.1.< / strong > Access Profiles 2022< / a > < / li > < li class = "chapter-item expanded " > < a href = "developers/designs/access_profiles_and_security.html" > < strong aria-hidden = "true" > 15.2.< / strong > Access Profiles O
2022-04-27 13:22:11 +02:00
< / div >
< div id = "sidebar-resize-handle" class = "sidebar-resize-handle" > < / div >
< / nav >
< div id = "page-wrapper" class = "page-wrapper" >
< div class = "page" >
< div id = "menu-bar-hover-placeholder" > < / div >
< div id = "menu-bar" class = "menu-bar sticky bordered" >
< div class = "left-buttons" >
< button id = "sidebar-toggle" class = "icon-button" type = "button" title = "Toggle Table of Contents" aria-label = "Toggle Table of Contents" aria-controls = "sidebar" >
< i class = "fa fa-bars" > < / i >
< / button >
< button id = "theme-toggle" class = "icon-button" type = "button" title = "Change theme" aria-label = "Change theme" aria-haspopup = "true" aria-expanded = "false" aria-controls = "theme-list" >
< i class = "fa fa-paint-brush" > < / i >
< / button >
< ul id = "theme-list" class = "theme-popup" aria-label = "Themes" role = "menu" >
< li role = "none" > < button role = "menuitem" class = "theme" id = "light" > Light (default)< / button > < / li >
< li role = "none" > < button role = "menuitem" class = "theme" id = "rust" > Rust< / button > < / li >
< li role = "none" > < button role = "menuitem" class = "theme" id = "coal" > Coal< / button > < / li >
< li role = "none" > < button role = "menuitem" class = "theme" id = "navy" > Navy< / button > < / li >
< li role = "none" > < button role = "menuitem" class = "theme" id = "ayu" > Ayu< / button > < / li >
< / ul >
< button id = "search-toggle" class = "icon-button" type = "button" title = "Search. (Shortkey: s)" aria-label = "Toggle Searchbar" aria-expanded = "false" aria-keyshortcuts = "S" aria-controls = "searchbar" >
< i class = "fa fa-search" > < / i >
< / button >
< / div >
< h1 class = "menu-title" > Kanidm Administration< / h1 >
< div class = "right-buttons" >
< a href = "print.html" title = "Print this book" aria-label = "Print this book" >
< i id = "print-button" class = "fa fa-print" > < / i >
< / a >
2022-07-05 03:51:41 +02:00
< a href = "https://github.com/kanidm/kanidm" title = "Git repository" aria-label = "Git repository" >
< i id = "git-repository-button" class = "fa fa-github" > < / i >
< / a >
< a href = "https://github.com/kanidm/kanidm/edit/master/kanidm_book/src/recycle_bin.md" title = "Suggest an edit" aria-label = "Suggest an edit" >
< i id = "git-edit-button" class = "fa fa-edit" > < / i >
< / a >
2022-04-27 13:22:11 +02:00
< / div >
< / div >
< div id = "search-wrapper" class = "hidden" >
< form id = "searchbar-outer" class = "searchbar-outer" >
< input type = "search" id = "searchbar" name = "searchbar" placeholder = "Search this book ..." aria-controls = "searchresults-outer" aria-describedby = "searchresults-header" >
< / form >
< div id = "searchresults-outer" class = "searchresults-outer hidden" >
< div id = "searchresults-header" class = "searchresults-header" > < / div >
< ul id = "searchresults" >
< / ul >
< / div >
< / div >
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
< script type = "text/javascript" >
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
< / script >
< div id = "content" class = "content" >
< main >
< h1 id = "recycle-bin" > < a class = "header" href = "#recycle-bin" > Recycle Bin< / a > < / h1 >
< p > The recycle bin is a storage of deleted entries from the server. This allows
recovery from mistakes for a period of time.< / p >
2022-08-08 03:34:08 +02:00
< table >
< tr >
< td rowspan = 2 > < img src = "images/kani-warning.png" alt = "Kani Warning" / > < / td >
< td > < strong > Warning!< / strong > < / td >
< / tr >
< tr >
< td > The recycle bin is a best effort - when recovering in some cases not everything can be "put back" the way it was. Be sure to check your entries are valid once they have been revived.< / td >
< / tr >
< / table >
2022-04-27 13:22:11 +02:00
< h2 id = "where-is-the-recycle-bin" > < a class = "header" href = "#where-is-the-recycle-bin" > Where is the Recycle Bin?< / a > < / h2 >
< p > The recycle bin is stored as part of your main database - it is included in all
backups and restores, just like any other data. It is also replicated between
all servers.< / p >
2022-05-27 01:20:56 +02:00
< h2 id = "how-do-things-get-into-the-recycle-bin" > < a class = "header" href = "#how-do-things-get-into-the-recycle-bin" > How do Things Get Into the Recycle Bin?< / a > < / h2 >
2022-04-27 13:22:11 +02:00
< p > Any delete operation of an entry will cause it to be sent to the recycle bin. No
configuration or specification is required.< / p >
2022-05-27 01:20:56 +02:00
< h2 id = "how-long-do-items-stay-in-the-recycle-bin" > < a class = "header" href = "#how-long-do-items-stay-in-the-recycle-bin" > How Long Do Items Stay in the Recycle Bin?< / a > < / h2 >
2022-04-27 13:22:11 +02:00
< p > Currently they stay up to 1 week before they are removed.< / p >
< h2 id = "managing-the-recycle-bin" > < a class = "header" href = "#managing-the-recycle-bin" > Managing the Recycle Bin< / a > < / h2 >
< p > You can display all items in the Recycle Bin with:< / p >
2022-10-07 11:23:12 +02:00
< pre > < code > kanidm recycle-bin list --name admin
2022-04-27 13:22:11 +02:00
< / code > < / pre >
2022-10-07 11:23:12 +02:00
< p > You can show a single item with:< / p >
< pre > < code > kanidm recycle-bin get --name admin < uuid>
2022-04-27 13:22:11 +02:00
< / code > < / pre >
< p > An entry can be revived with:< / p >
2022-10-07 11:23:12 +02:00
< pre > < code > kanidm recycle-bin revive --name admin < uuid>
2022-04-27 13:22:11 +02:00
< / code > < / pre >
2022-05-27 01:20:56 +02:00
< h2 id = "edge-cases" > < a class = "header" href = "#edge-cases" > Edge Cases< / a > < / h2 >
2022-04-27 13:22:11 +02:00
< p > The recycle bin is a best effort to restore your data - there are some cases where
the revived entries may not be the same as their were when they were deleted. This
generally revolves around reference types such as group membership, or when the reference
type includes supplemental map data such as the oauth2 scope map type.< / p >
< p > An example of this data loss is the following steps:< / p >
< pre > < code > add user1
add group1
add user1 as member of group1
delete user1
delete group1
revive user1
revive group1
< / code > < / pre >
< p > In this series of steps, due to the way that referential integrity is implemented, the
membership of user1 in group1 would be lost in this process. To explain why:< / p >
< pre > < code > add user1
add group1
add user1 as member of group1 // refint between the two established, and memberof added
delete user1 // group1 removes member user1 from refint
delete group1 // user1 now removes memberof group1 from refint
revive user1 // re-add groups based on directmemberof (empty set)
revive group1 // no members
< / code > < / pre >
< p > These issues could be looked at again in the future, but for now we think that deletes of
groups is rare - we expect recycle bin to save you in " opps" moments, and in a majority
of cases you may delete a group or a user and then restore them. To handle this series
of steps requires extra code complexity in how we flag operations. For more,
see < a href = "https://github.com/kanidm/kanidm/issues/177" > This issue on github< / a > .< / p >
< / main >
< nav class = "nav-wrapper" aria-label = "Page navigation" >
<!-- Mobile navigation buttons -->
< a rel = "prev" href = "ssh_key_dist.html" class = "mobile-nav-chapters previous" title = "Previous chapter" aria-label = "Previous chapter" aria-keyshortcuts = "Left" >
< i class = "fa fa-angle-left" > < / i >
< / a >
2022-06-05 07:20:33 +02:00
< a rel = "next" href = "why_tls.html" class = "mobile-nav-chapters next" title = "Next chapter" aria-label = "Next chapter" aria-keyshortcuts = "Right" >
2022-04-27 13:22:11 +02:00
< i class = "fa fa-angle-right" > < / i >
< / a >
< div style = "clear: both" > < / div >
< / nav >
< / div >
< / div >
< nav class = "nav-wide-wrapper" aria-label = "Page navigation" >
< a rel = "prev" href = "ssh_key_dist.html" class = "nav-chapters previous" title = "Previous chapter" aria-label = "Previous chapter" aria-keyshortcuts = "Left" >
< i class = "fa fa-angle-left" > < / i >
< / a >
2022-06-05 07:20:33 +02:00
< a rel = "next" href = "why_tls.html" class = "nav-chapters next" title = "Next chapter" aria-label = "Next chapter" aria-keyshortcuts = "Right" >
2022-04-27 13:22:11 +02:00
< i class = "fa fa-angle-right" > < / i >
< / a >
< / nav >
< / div >
< script type = "text/javascript" >
window.playground_copyable = true;
< / script >
< script src = "elasticlunr.min.js" type = "text/javascript" charset = "utf-8" > < / script >
< script src = "mark.min.js" type = "text/javascript" charset = "utf-8" > < / script >
< script src = "searcher.js" type = "text/javascript" charset = "utf-8" > < / script >
< script src = "clipboard.min.js" type = "text/javascript" charset = "utf-8" > < / script >
< script src = "highlight.js" type = "text/javascript" charset = "utf-8" > < / script >
< script src = "book.js" type = "text/javascript" charset = "utf-8" > < / script >
<!-- Custom JS scripts -->
< / body >
< / html >
