Merge "Update procedure for deleting ldap user (r8,dsR8)"
This commit is contained in:
Zuul
Gerrit Code Review
commit
0aadbc6213
|
|
@ -4,17 +4,26 @@
|
|||
Delete LDAP Linux Accounts
|
||||
==========================
|
||||
|
||||
.. rubric:: |context|
|
||||
|
||||
When a |LDAP| user account is created in the |LDAP| server, using
|
||||
:command:`sudo ldapusersetup` command, a corresponding |LDAP| Linux user is
|
||||
created on the |prod| by mapping the |LDAP| user attributes to Linux user
|
||||
attributes. The delete operation of a |LDAP| Linux account involves both the
|
||||
deletion from the Linux system as well as the deletion of the corresponding
|
||||
|LDAP| server object.
|
||||
|
||||
The home directory for a new |LDAP| Linux user will be created after the first
|
||||
login, as: ``/home/<username>``. At the same time, the user will be prompted to
|
||||
change the default password to a secure password based on mandatory format
|
||||
rules.
|
||||
|
||||
.. rubric:: |proc|
|
||||
|
||||
The following steps describe the procedure to delete |LDAP| Linux accounts.
|
||||
|
||||
#. Log in as **sysadmin**, and create a new LDAP user, if not already created.
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
~(keystone_admin)]$ sudo ldapusersetup
|
||||
|
||||
|
||||
#. Check that the Linux user has been created on |prod| using one of the
|
||||
commands:
|
||||
#. |Optional| Logged in as sysadmin, check that the user exists on |prod| using one of
|
||||
the commands:
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
|
|
@ -24,22 +33,15 @@ The following steps describe the procedure to delete |LDAP| Linux accounts.
|
|||
|
||||
getent passwd <username>
|
||||
|
||||
#. SSH to |prod| as the new |LDAP| user and change the initial password when
|
||||
prompted at first login.
|
||||
|
||||
.. note::
|
||||
|
||||
This step is only required for new users that were never used to login
|
||||
the platform.
|
||||
|
||||
#. Check that the home directory was created as ``/home/<username>``.
|
||||
|
||||
#. Delete |LDAP| user.
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
~(keystone_admin)]$ sudo ldapdeleteuser <username>
|
||||
|
||||
This command will remove the |LDAP| user from both the |LDAP| server as
|
||||
well as from the Linux platform.
|
||||
|
||||
#. Check that the |LDAP| user was removed from the local |LDAP| server.
|
||||
|
||||
.. code-block:: none
|
||||
|
|
@ -70,9 +72,12 @@ The following steps describe the procedure to delete |LDAP| Linux accounts.
|
|||
|
||||
~(keystone_admin)]$ getent passwd <username>
|
||||
|
||||
#. Check that the Linux home directory still exists after the user has
|
||||
been removed.
|
||||
The |LDAP| Linux user home directory still exists after the user has been
|
||||
removed.
|
||||
|
||||
The Linux home directories of the deleted Linux |LDAP| users will be
|
||||
managed by the system administrator. The platform will not remove them
|
||||
together with the removal of the user.
|
||||
The Linux home directories of the deleted Linux |LDAP| users will be managed by
|
||||
the system administrator. The platform will not remove them together with the
|
||||
removal of the user.
|
||||
|
||||
The system administrator can backup (off system) and/or delete the home
|
||||
directories.
|
||||
Loading…
Reference in New Issue