.. _delete-ldap-linux-accounts-7de0782fbafd:

Delete Local LDAP Linux Accounts
--------------------------------

.. rubric:: |context|

When an |LDAP| user account is created in the |LDAP| server using the
:command:`sudo ldapusersetup` command, a corresponding |LDAP| Linux user is
created on the |prod| by mapping the |LDAP| user attributes to Linux user
attributes. Deleting an |LDAP| Linux account therefore involves both removing
the user from the Linux system and deleting the corresponding |LDAP| server
object.

.. rubric:: |proc|

The following steps describe the procedure to delete |LDAP| Linux accounts.

#. |Optional| Logged in as sysadmin, check that the user exists on |prod|
   using one of the following commands:

   .. code-block:: none

      id <username>

   .. code-block:: none

      getent passwd <username>

#. Delete the |LDAP| user.

   .. code-block:: none

      ~(keystone_admin)]$ sudo ldapdeleteuser <username>

   This command removes the |LDAP| user from both the |LDAP| server and the
   Linux platform.

#. Check that the |LDAP| user was removed from the local |LDAP| server.

   .. code-block:: none

      ~(keystone_admin)]$ sudo ldapsearch -x -LLL -b dc=cgcs,dc=local

   or

   .. code-block:: none

      ~(keystone_admin)]$ sudo ldapfinger <username>

   .. note::

      The SSSD service syncs |LDAP| Linux users from the |LDAP| server, and
      this might take several minutes because it is done according to the
      ``ldap_enumeration_refresh_timeout`` time interval setting.

#. Check that the local |LDAP| Linux user was removed from the cloud platform.

   .. code-block:: none

      ~(keystone_admin)]$ id <username>

   or

   .. code-block:: none

      ~(keystone_admin)]$ getent passwd <username>

The |LDAP| Linux user's home directory still exists after the user has been
removed. The Linux home directories of deleted |LDAP| Linux users must be
managed (for example, cleaned up) by the system administrator; the platform
does not remove them together with the user. The system administrator can back
up the home directories (off system) and/or delete them.
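The verification steps above (confirm the account no longer resolves, then deal with the home directory the platform leaves behind) can be scripted. The following POSIX shell helper is an added example and is not part of the original documentation or of the platform's own tooling; it assumes that ``getent`` is available and that home directories live under ``/home`` (both assumptions can be overridden by the second argument). It reports whether the account still resolves, which after ``ldapdeleteuser`` usually means SSSD has not yet passed its ``ldap_enumeration_refresh_timeout`` interval, and lists leftover home directories that no longer belong to any resolvable account so the administrator can back them up or delete them.

```shell
#!/bin/sh
# Added example (not platform code): post-deletion checks for a local LDAP
# Linux account. Assumptions: getent is installed; home directories are under
# /home unless a base directory is passed as the second argument.

# verify_ldap_user_removed USER [HOME_BASE]
# Returns 0 when USER no longer resolves through NSS (getent), 1 when it still
# does. A leftover home directory is reported but does not change the result,
# because the platform intentionally leaves it for the administrator.
verify_ldap_user_removed() {
    user="$1"
    home_base="${2:-/home}"

    if getent passwd "$user" >/dev/null 2>&1; then
        echo "STILL PRESENT: $user resolves via getent (SSSD refresh pending?)"
        return 1
    fi
    echo "REMOVED: $user no longer resolves"

    if [ -d "$home_base/$user" ]; then
        echo "NOTE: $home_base/$user still exists; back it up and/or delete it"
    fi
    return 0
}

# orphaned_home_dirs [HOME_BASE]
# Prints, one per line, the names of directories under HOME_BASE whose name
# does not resolve to any account. These are candidates for backup/cleanup
# after LDAP users have been deleted.
orphaned_home_dirs() {
    home_base="${1:-/home}"
    for d in "$home_base"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        getent passwd "$name" >/dev/null 2>&1 || echo "$name"
    done
}

# Usage when run directly: ./check_ldap_user.sh <username> [home_base]
if [ "$#" -gt 0 ]; then
    verify_ldap_user_removed "$@"
    echo "Orphaned home directories under ${2:-/home}:"
    orphaned_home_dirs "${2:-/home}"
fi
```

Run the check a few minutes after ``ldapdeleteuser`` if it first reports ``STILL PRESENT``; SSSD's enumeration refresh, not the deletion itself, is the usual cause. The orphan listing is deliberately read-only: deleting home directories is the administrator's decision, after any required off-system backup.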