
Delete LDAP Linux Accounts

When a user account is created in the LDAP server with the sudo ldapusersetup command, a corresponding Linux user is created by mapping the LDAP user attributes to Linux user attributes. Deleting a Linux account therefore involves both removing it from the Linux system and removing the corresponding LDAP server object.

The home directory for a new Linux user is created at first login as /home/<username>. At that first login, the user is also prompted to replace the default password with a secure one that satisfies the mandatory format rules.

The following steps describe the procedure to delete Linux accounts.

  1. Logged in as sysadmin, check that the user exists, using one of the following commands:

    id <username>
    getent passwd <username>
  2. Delete the user.

    ~(keystone_admin)]$ sudo ldapdeleteuser <username>

    This command removes the user from both the LDAP server and the Linux platform.

  3. Check that the user was removed from the local LDAP server.

    ~(keystone_admin)]$ sudo ldapsearch -x -LLL -b dc=cgcs,dc=local

    or

    ~(keystone_admin)]$ sudo ldapfinger <username>

    Note

    The SSSD service synchronizes Linux users from the LDAP server, and this can take several minutes because the sync runs at the interval set by ldap_enumeration_refresh_timeout. Until it runs, the local checks in the next step may still resolve the deleted user.

  4. Check that the local Linux user was removed from the cloud platform.

    ~(keystone_admin)]$ id <username>

    or

    ~(keystone_admin)]$ getent passwd <username>

The Linux user's home directory still exists after the user has been removed.

Home directories of deleted Linux users are left for the system administrator to manage; the platform does not remove them together with the user.

The system administrator can back up (off-system) and/or delete these home directories.
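The verification steps above can be scripted so that the SSSD lag described in the note and the leftover home directory are both accounted for. The following is an added example, not part of the StarlingX documentation or tooling; it assumes the base DN dc=cgcs,dc=local from the page, sudo rights for ldapsearch, and a uid= filter on the search. The polling budget is a constructed placeholder, not the platform's configured ldap_enumeration_refresh_timeout.

```python
"""Confirm that a user deleted with `ldapdeleteuser` is gone from LDAP and NSS."""
import os
import subprocess
import time

LDAP_BASE = "dc=cgcs,dc=local"
POLL_BUDGET_SECONDS = 300   # constructed placeholder; tune to the SSSD refresh interval
POLL_INTERVAL_SECONDS = 15


def ldap_has_user(username):
    """True while an entry with uid=<username> still exists under the base DN."""
    cmd = ["sudo", "ldapsearch", "-x", "-LLL", "-b", LDAP_BASE,
           f"(uid={username})", "dn"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=False)
    return any(line.startswith("dn:") for line in out.stdout.splitlines())


def local_has_user(username):
    """True while NSS (local files or the SSSD cache) still resolves the user."""
    out = subprocess.run(["getent", "passwd", username],
                         capture_output=True, text=True, check=False)
    return out.returncode == 0


def wait_for_removal(username, ldap_check=ldap_has_user,
                     local_check=local_has_user, sleep=time.sleep,
                     budget=POLL_BUDGET_SECONDS, interval=POLL_INTERVAL_SECONDS):
    """Poll until the user is absent from both LDAP and NSS, or the budget is spent.

    NSS may lag LDAP until SSSD re-enumerates, so a user that is gone from
    LDAP but still visible locally is not yet an error; it is retried.
    The checks are injectable so the logic can be exercised without the tools.
    """
    attempts = max(1, budget // interval)
    for attempt in range(1, attempts + 1):
        in_ldap, in_local = ldap_check(username), local_check(username)
        if not in_ldap and not in_local:
            break
        if attempt < attempts:
            sleep(interval)
    return {
        "ldap_removed": not in_ldap,
        "local_removed": not in_local,
        "attempts": attempt,
        # The platform never deletes the home directory; surface it for the admin.
        "home_left_behind": os.path.isdir(f"/home/{username}"),
    }
```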