Merge "Update procedure for deleting ldap user (r8,dsR8)"

Zuul 2024-03-08 14:47:18 +00:00 committed by Gerrit Code Review
commit 0aadbc6213
1 changed files with 29 additions and 24 deletions


@ -4,17 +4,26 @@
Delete LDAP Linux Accounts Delete LDAP Linux Accounts
========================== ==========================
.. rubric:: |context|
When a |LDAP| user account is created in the |LDAP| server, using
:command:`sudo ldapusersetup` command, a corresponding |LDAP| Linux user is
created on the |prod| by mapping the |LDAP| user attributes to Linux user
attributes. The delete operation of a |LDAP| Linux account involves both the
deletion from the Linux system as well as the deletion of the corresponding
|LDAP| server object.
The home directory for a new |LDAP| Linux user will be created after the first
login, as: ``/home/<username>``. At the same time, the user will be prompted to
change the default password to a secure password based on mandatory format
rules.
.. rubric:: |proc|
The following steps describe the procedure to delete |LDAP| Linux accounts. The following steps describe the procedure to delete |LDAP| Linux accounts.
#. Log in as **sysadmin**, and create a new LDAP user, if not already created. #. |Optional| Logged in as sysadmin, check that the user exists on |prod| using one of
the commands:
.. code-block:: none
~(keystone_admin)]$ sudo ldapusersetup
#. Check that the Linux user has been created on |prod| using one of the
commands:
.. code-block:: none .. code-block:: none
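Review bot: the new context paragraph has two wording problems: "using :command:`sudo ldapusersetup` command" is missing its article ("using the :command:`sudo ldapusersetup` command"), and "created on the |prod|" does not match the bare "|prod|" used everywhere else in this file ("SSH to |prod|", "exists on |prod|"). The rewritten first step also drops the bold that the old step used for the account name ("Log in as **sysadmin**"); keep "Logged in as **sysadmin**" so the rendering stays consistent. Finally, the sentences about the home directory being created at first login only belong in a deletion procedure because that directory outlives the account, which the last hunk states; say so here in one clause, e.g. "This directory is not removed when the account is deleted", so the context section supports the procedure rather than reading as account-creation text.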
@ -24,22 +33,15 @@ The following steps describe the procedure to delete |LDAP| Linux accounts.
getent passwd <username> getent passwd <username>
#. SSH to |prod| as the new |LDAP| user and change the initial password when
prompted at first login.
.. note::
This step is only required for new users that were never used to login
the platform.
#. Check that the home directory was created as ``/home/<username>``.
#. Delete |LDAP| user. #. Delete |LDAP| user.
.. code-block:: none .. code-block:: none
~(keystone_admin)]$ sudo ldapdeleteuser <username> ~(keystone_admin)]$ sudo ldapdeleteuser <username>
This command will remove the |LDAP| user from both the |LDAP| server as
well as from the Linux platform.
#. Check that the |LDAP| user was removed from the local |LDAP| server. #. Check that the |LDAP| user was removed from the local |LDAP| server.
.. code-block:: none .. code-block:: none
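Review bot: the added sentence after the delete step uses "both ... as well as", which is redundant; write "This command removes the |LDAP| user from both the |LDAP| server and the Linux platform." It also states the Linux-side removal without qualification, while the last hunk says the home directory is left in place; add that qualification here ("the home directory is not removed, see below") so the reader of the delete step is not surprised later. Dropping the old first-login and home-directory-check steps is fine for a pure deletion procedure, but note that they were the only steps guaranteeing a home directory exists at all, which affects how the closing paragraph should be phrased.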
@ -70,9 +72,12 @@ The following steps describe the procedure to delete |LDAP| Linux accounts.
~(keystone_admin)]$ getent passwd <username> ~(keystone_admin)]$ getent passwd <username>
#. Check that the Linux home directory still exists after the user has The |LDAP| Linux user home directory still exists after the user has been
been removed. removed.
The Linux home directories of the deleted Linux |LDAP| users will be The Linux home directories of the deleted Linux |LDAP| users will be managed by
managed by the system administrator. The platform will not remove them the system administrator. The platform will not remove them together with the
together with the removal of the user. removal of the user.
The system administrator can backup (off system) and/or delete the home
directories.
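Review bot: "still exists" is unconditional, but the context added in the first hunk says the home directory is only created at the first login, so a user who was created and deleted without ever logging in has none; write "If the user has logged in at least once, the home directory ``/home/<username>`` still exists after the user has been removed." Style: "backup" is the noun, the verb is "back up" ("can back up (off system) and/or delete"). Consider also giving the administrator the reason to deal with these directories promptly: their files remain owned by the deleted account's numeric UID, so a later account that is assigned the same UID would inherit access to them, which is why the sentence recommends off-system backup followed by deletion.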