Merge "Procedure for deleteing a ldap user (r8,dsR8)"

This commit is contained in:
Zuul 2023-11-29 14:26:55 +00:00 committed by Gerrit Code Review
commit b95fb4452c
2 changed files with 79 additions and 0 deletions

View File

@ -0,0 +1,78 @@
.. _delete-ldap-linux-accounts-7de0782fbafd:
==========================
Delete LDAP Linux Accounts
==========================
The following steps describe the procedure to delete |LDAP| Linux accounts.
#. Log in as **sysadmin**, and create a new LDAP user, if not already created.
.. code-block:: none
~(keystone_admin)]$ sudo ldapusersetup
#. Check that the Linux user has been created on |prod| using one of the
commands:
.. code-block:: none
id <username>
.. code-block:: none
getent passwd <username>
#. SSH to |prod| as the new |LDAP| user and change the initial password when
prompted at first login.
.. note::
This step is only required for new users that were never used to login
the platform.
#. Check that the home directory was created as ``/home/<username>``.
#. Delete |LDAP| user.
.. code-block:: none
~(keystone_admin)]$ sudo ldapdeleteuser <username>
#. Check that the |LDAP| user was removed from the local |LDAP| server.
.. code-block:: none
~(keystone_admin)]$ sudo ldapsearch -x -LLL -b dc=cgcs,dc=local
or
.. code-block:: none
~(keystone_admin)]$ sudo ldapfinger <username>
.. note::
SSSD service will sync-up |LDAP| linux users from the |LDAP| server,
and this might take several minutes because is done according to
``ldap_enumeration_refresh_timeout`` time interval setting.
#. Check that the local |LDAP| Linux user was removed from the cloud platform.
.. code-block:: none
~(keystone_admin)]$ id <username>
or
.. code-block:: none
~(keystone_admin)]$ getent passwd <username>
#. Check that the Linux home directory still exists after the user has
been removed.
The Linux home directories of the deleted Linux |LDAP| users will be
managed by the system administrator. The platform will not remove them
together with the removal of the user.

View File

@ -43,6 +43,7 @@ For more information, refer to the following:
the-sysadmin-account
local-ldap-linux-user-accounts
create-ldap-linux-accounts
delete-ldap-linux-accounts-7de0782fbafd
remote-access-for-linux-accounts
password-recovery-for-linux-user-accounts
estabilish-credentials-for-linux-user-accounts