Merge "Procedure for deleteing a ldap user (r8,dsR8)"
This commit is contained in:
Zuul
Gerrit Code Review
commit
b95fb4452c
@ -0,0 +1,78 @@
|
|||||||
|
.. _delete-ldap-linux-accounts-7de0782fbafd:
|
||||||
|
|
||||||
|
==========================
|
||||||
|
Delete LDAP Linux Accounts
|
||||||
|
==========================
|
||||||
|
|
||||||
|
The following steps describe the procedure to delete |LDAP| Linux accounts.
|
||||||
|
|
||||||
|
#. Log in as **sysadmin**, and create a new LDAP user, if not already created.
|
||||||
|
|
||||||
|
.. code-block:: none
|
||||||
|
|
||||||
|
~(keystone_admin)]$ sudo ldapusersetup
|
||||||
|
|
||||||
|
|
||||||
|
#. Check that the Linux user has been created on |prod| using one of the
|
||||||
|
commands:
|
||||||
|
|
||||||
|
.. code-block:: none
|
||||||
|
|
||||||
|
id <username>
|
||||||
|
|
||||||
|
.. code-block:: none
|
||||||
|
|
||||||
|
getent passwd <username>
|
||||||
|
|
||||||
|
#. SSH to |prod| as the new |LDAP| user and change the initial password when
|
||||||
|
prompted at first login.
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
This step is only required for new users that were never used to login
|
||||||
|
the platform.
|
||||||
|
|
||||||
|
#. Check that the home directory was created as ``/home/<username>``.
|
||||||
|
|
||||||
|
#. Delete |LDAP| user.
|
||||||
|
|
||||||
|
.. code-block:: none
|
||||||
|
|
||||||
|
~(keystone_admin)]$ sudo ldapdeleteuser <username>
|
||||||
|
|
||||||
|
#. Check that the |LDAP| user was removed from the local |LDAP| server.
|
||||||
|
|
||||||
|
.. code-block:: none
|
||||||
|
|
||||||
|
~(keystone_admin)]$ sudo ldapsearch -x -LLL -b dc=cgcs,dc=local
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
.. code-block:: none
|
||||||
|
|
||||||
|
~(keystone_admin)]$ sudo ldapfinger <username>
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
SSSD service will sync-up |LDAP| linux users from the |LDAP| server,
|
||||||
|
and this might take several minutes because is done according to
|
||||||
|
``ldap_enumeration_refresh_timeout`` time interval setting.
|
||||||
|
|
||||||
|
#. Check that the local |LDAP| Linux user was removed from the cloud platform.
|
||||||
|
|
||||||
|
.. code-block:: none
|
||||||
|
|
||||||
|
~(keystone_admin)]$ id <username>
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
.. code-block:: none
|
||||||
|
|
||||||
|
~(keystone_admin)]$ getent passwd <username>
|
||||||
|
|
||||||
|
#. Check that the Linux home directory still exists after the user has
|
||||||
|
been removed.
|
||||||
|
|
||||||
|
The Linux home directories of the deleted Linux |LDAP| users will be
|
||||||
|
managed by the system administrator. The platform will not remove them
|
||||||
|
together with the removal of the user.
|
||||||
@ -43,6 +43,7 @@ For more information, refer to the following:
|
|||||||
the-sysadmin-account
|
the-sysadmin-account
|
||||||
local-ldap-linux-user-accounts
|
local-ldap-linux-user-accounts
|
||||||
create-ldap-linux-accounts
|
create-ldap-linux-accounts
|
||||||
|
delete-ldap-linux-accounts-7de0782fbafd
|
||||||
remote-access-for-linux-accounts
|
remote-access-for-linux-accounts
|
||||||
password-recovery-for-linux-user-accounts
|
password-recovery-for-linux-user-accounts
|
||||||
estabilish-credentials-for-linux-user-accounts
|
estabilish-credentials-for-linux-user-accounts
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user