11 replies Latest Post - ‏2013-01-16T05:30:19Z by SystemAdmin
tells
3 Posts

Pinned topic How to delete users or change LDAP properties.

‏2010-10-19T05:16:34Z |
I was testing my LDAP connection to a different LDAP server than I want to have configured for all my users. I logged in with my account and it created the account using the LDAP settings that I don't want to use. I then changed the LDAP setting to point to a different LDAP server, but the account that I logged in with is still tied to the old LDAP server. Is there a way to delete the account? If not, can I change which LDAP server the account gets authenticated to?
Updated on 2013-01-16T05:30:19Z at 2013-01-16T05:30:19Z by SystemAdmin
  • SystemAdmin
    648 Posts

    Re: How to delete users or change LDAP properties.

    ‏2012-12-20T03:10:22Z  in response to tells
    Have you managed to solve this? I am facing the same issue. Want to change the user LDAP attributes. System is not allowing me to do that.
    • SystemAdmin
      648 Posts

      Re: How to delete users or change LDAP properties.

      ‏2012-12-20T04:09:49Z  in response to SystemAdmin
      Hi,

      MDM4PIM LDAP user attributes are managed via LDAP server only.
      • SystemAdmin
        648 Posts

        Re: How to delete users or change LDAP properties.

        ‏2012-12-20T21:01:13Z  in response to SystemAdmin
        But is there any way I can disable the LDAP flag to false in PIM for a user? System is not allowing me to do that.
        • SystemAdmin
          648 Posts

          Re: How to delete users or change LDAP properties.

          ‏2012-12-21T04:30:37Z  in response to SystemAdmin
          I managed a similar issue via a direct table update. I used the following SQL:

          update SCU set SCU_LDAP_FLAG='N' where SCU_USERNAME='your user login';
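
The direct update from the post above, wrapped in a check-before-and-after sequence; this is an added example, not part of the original post. The table and column names are the ones given in the post, the login value is a placeholder, and the sequence assumes the SQL client runs with autocommit off.

```sql
-- Added example. SCU, SCU_USERNAME and SCU_LDAP_FLAG are taken from the post;
-- 'your user login' is a placeholder for the real login name.
-- Assumption: autocommit is off, so nothing is permanent until COMMIT.

-- 1. Record the current state. Expect exactly one row for the account;
--    keep the output with the change record, since a direct table update
--    leaves no trace in the application itself.
SELECT SCU_USERNAME, SCU_LDAP_FLAG
  FROM SCU
 WHERE SCU_USERNAME = 'your user login';

-- 2. Change only that account, and only if the flag is not already 'N'.
--    The client should report exactly one updated row.
UPDATE SCU
   SET SCU_LDAP_FLAG = 'N'
 WHERE SCU_USERNAME = 'your user login'
   AND SCU_LDAP_FLAG <> 'N';

-- 3. Confirm the result before making it permanent.
SELECT SCU_USERNAME, SCU_LDAP_FLAG
  FROM SCU
 WHERE SCU_USERNAME = 'your user login';

-- 4. List every account that is no longer authenticated through LDAP,
--    so unexpected entries stand out during review.
SELECT SCU_USERNAME
  FROM SCU
 WHERE SCU_LDAP_FLAG = 'N'
 ORDER BY SCU_USERNAME;

-- 5. COMMIT if step 2 reported one updated row and step 3 shows 'N';
--    otherwise issue ROLLBACK instead.
COMMIT;
```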
          
        • XH18_Remi_Serra
          3 Posts

          Re: How to delete users or change LDAP properties.

          ‏2012-12-24T09:24:31Z  in response to SystemAdmin
          Or you can use the scripting function
          void User::setUserLdapEnabled(Boolean bToEnable)
          Sets the user as a LDAP user.

          To disable:
          var u = getUserByUsername("UserName");
          u.setUserLdapEnabled(false);

          Regards,
          Rémi
          • SystemAdmin
            648 Posts

            Re: How to delete users or change LDAP properties.

            ‏2012-12-24T09:47:44Z  in response to XH18_Remi_Serra
            Hi Remi,

            You must get an error if you try to save changes to an LDAP user account via script. I got one.
            • XH18_Remi_Serra
              3 Posts

              Re: How to delete users or change LDAP properties.

              ‏2012-12-24T10:13:05Z  in response to SystemAdmin
              Hi Alexander,

              I tested it on PIM 9.1, but that was to enable LDAP for users already created locally.
              Maybe when disabling LDAP you must set some other user info (first/last name, email, address...) - can't test right now.

              As it is probably a one-time operation, the SQL way is OK,
              but if you need to do it regularly, you'd better try with scripting, and open a PMR if it doesn't work.

              BTW, I forgot in my example: the user must be saved after changes:
              var errs = u.saveUser();

              Regards,
              and Merry Christmas!
              • KaranBal
                108 Posts

                Re: How to delete users or change LDAP properties.

                ‏2013-01-15T01:05:34Z  in response to XH18_Remi_Serra
                A couple of things to note here:
                1. If you are using an LDAP user, then most of the user information does not exist in any of the tables in MDMCS. The only place where it exists is in the LDAP itself. Therefore even SQLs have their limitations.
                2. With a script, you may edit the user information in LDAP but you cannot delete the user.

                But I think the main question was regarding deleting a user which has been accidentally created. WE CANNOT DELETE USERS COMPLETELY FROM MDMCS (except via delete SQLs in the SCU table, highly discouraged). This is because of audit trails and broken pointers. Users are connected to organizations, and the user record cannot be disassociated from the last organization. Usually there is only 1 organization (the default one). But we can create a new organization, add the user to this new organization and delete it from the default organization (the last user record needs to remain connected to an organization). This is the only way to reuse the user record in LDAP.
                • SystemAdmin
                  648 Posts

                  Re: How to delete users or change LDAP properties.

                  ‏2013-01-15T05:39:30Z  in response to KaranBal
                  1) If we are using LDAP for authentication and there is no user account in MDMCS, one will be created in MDMCS after a successful login. So you can always find a corresponding record in the SCU table and update it.
                  2) I'm not sure, but if you try to update an LDAP user's information via a script you will get an error message, as you would if you tried to update it via the UI, because the user is LDAP and his data is read-only.
                  • KaranBal
                    108 Posts

                    Re: How to delete users or change LDAP properties.

                    ‏2013-01-15T16:38:52Z  in response to SystemAdmin
                    A record is created for the user in MDMCS, but that is just a shell of a user account. It is a placeholder for information in LDAP. It will not contain any of the user details (which will be looked up via LDAP).
                    • SystemAdmin
                      648 Posts

                      Re: How to delete users or change LDAP properties.

                      ‏2013-01-16T05:30:19Z  in response to KaranBal
                      All necessary (for MDMCS) user information is copied into the record, so if I remove the LDAP flag via the SQL the user will become a regular MDMCS user.