Deleting the authentication and the ID mapping configuration
Deleting the authentication and ID mapping configuration results in loss of access to data. Before you remove or edit ID mappings, determine how access to data is going to be maintained.
Removing file authentication
- Issue the mmuserauth service list command to
see the authentication method that is configured in the system:
# mmuserauth service list FILE access configuration: LDAP PARAMETERS VALUES ------------------------------------------------- ENABLE_ANONYMOUS_BIND false ENABLE_SERVER_TLS false ENABLE_KERBEROS false USER_NAME cn=manager,dc=example,dc=com SERVERS 10.0.100.121 NETBIOS_NAME eslhnode BASE_DN dc=example,dc=com USER_DN ou=people,dc=example,dc=com GROUP_DN none NETGROUP_DN ou=netgroup,dc=example,dc=com USER_OBJECTCLASS inetOrgPerson GROUP_OBJECTCLASS posixGroup USER_NAME_ATTRIB cn USER_ID_ATTRIB uid KERBEROS_SERVER none KERBEROS_REALM none OBJECT access not configured PARAMETERS VALUES -------------------------------------------------
- Issue the mmuserauth service remove command to remove the authentication
configuration as shown in the following
example:
# mmuserauth service remove -–data-access-method file mmcesuserauth service remove: Command successfully completed.
- Issue the mmuserauth service list command to
verify whether the authentication configuration is removed:
# mmuserauth service list FILE access not configured PARAMETERS VALUES ------------------------------------------------- OBJECT access not configured PARAMETERS VALUES -------------------------------------------------
For more information, see mmuserauth command.
# mmuserauth service remove --data-access-method file --idmapdelete
mmuserauth service remove: Command successfully completed
Removing object authentication
The deletion of ID maps that are used for file access is only applicable when AD with Automatic ID mapping or RFC2307 ID mapping is configured.
Deleting ID maps might also be required in the case of object access. ID map delete option can be used if the system administrator wants to clean up the entire Keystone authentication configuration, including the mapping of users with projects and roles. Cleaning up of ID mapping information results in loss of access to any existing data that is being accessed through the Object Storage interface. Deleting ID mappings deletes user-role-projects mappings as well. Without these mappings, new users are unable to access the old data unless the keystone administrator creates the mapping again for the new user. ID maps are deleted in environments where the object protocol needs to be removed or the entire object store needs to be erased. This is usually done in preproduction or test environments.
# mmuserauth service remove --data-access-method object
mmuserauth service remove: Command successfully completed
# mmuserauth service remove --data-access-method object --idmapdelete
mmuserauth service remove: Command successfully completed
# mmuserauth service list
FILE access not configured
PARAMETERS VALUES
-------------------------------------------------
OBJECT access not configured
PARAMETERS VALUES
-------------------------------------------------