Update procedure for deleting ldap user (r8,dsR8)

Applying comments made in merged review https://review.opendev.org/c/starlingx/docs/+/901833

Closes-bug: 2044541

Change-Id: Icd3293abec74e373b23d0b2f0540557ea9c5504c
Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
This commit is contained in:
Elisamara Aoki Goncalves 2024-01-19 13:16:03 +00:00
parent 6276abb99e
commit 117b265378

View File

@ -4,17 +4,26 @@
Delete LDAP Linux Accounts
==========================
.. rubric:: |context|
When a |LDAP| user account is created in the |LDAP| server, using
:command:`sudo ldapusersetup` command, a corresponding |LDAP| Linux user is
created on the |prod| by mapping the |LDAP| user attributes to Linux user
attributes. The delete operation of a |LDAP| Linux account involves both the
deletion from the Linux system as well as the deletion of the corresponding
|LDAP| server object.
The home directory for a new |LDAP| Linux user will be created after the first
login, as: ``/home/<username>``. At the same time, the user will be prompted to
change the default password to a secure password based on mandatory format
rules.
.. rubric:: |proc|
The following steps describe the procedure to delete |LDAP| Linux accounts.
#. Log in as **sysadmin**, and create a new LDAP user, if not already created.
.. code-block:: none
~(keystone_admin)]$ sudo ldapusersetup
#. Check that the Linux user has been created on |prod| using one of the
commands:
#. |Optional| Logged in as sysadmin, check that the user exists on |prod| using one of
the commands:
.. code-block:: none
@ -24,22 +33,15 @@ The following steps describe the procedure to delete |LDAP| Linux accounts.
getent passwd <username>
#. SSH to |prod| as the new |LDAP| user and change the initial password when
prompted at first login.
.. note::
This step is only required for new users that were never used to login
the platform.
#. Check that the home directory was created as ``/home/<username>``.
#. Delete |LDAP| user.
.. code-block:: none
~(keystone_admin)]$ sudo ldapdeleteuser <username>
This command will remove the |LDAP| user from both the |LDAP| server as
well as from the Linux platform.
#. Check that the |LDAP| user was removed from the local |LDAP| server.
.. code-block:: none
@ -70,9 +72,12 @@ The following steps describe the procedure to delete |LDAP| Linux accounts.
~(keystone_admin)]$ getent passwd <username>
#. Check that the Linux home directory still exists after the user has
been removed.
The |LDAP| Linux user home directory still exists after the user has been
removed.
The Linux home directories of the deleted Linux |LDAP| users will be
managed by the system administrator. The platform will not remove them
together with the removal of the user.
The Linux home directories of the deleted Linux |LDAP| users will be managed by
the system administrator. The platform will not remove them together with the
removal of the user.
The system administrator can backup (off system) and/or delete the home
directories.