Deleting Messaging Server, Calendar Server, and Communications Express Users

Procedure: To Delete Users of Calendar Server in Non-Hosted Domain Mode and Messaging Server

Use this procedure if you are running Calendar Server without hosted domains, and you are also running Messaging Server (where both Messaging Server and Calendar Server users are provisioned in the same directory).

Before You Begin

You should be familiar with the syntax and operation of the LDAP tools such as ldapmodify.

  1. Verify the user entry you want to delete.

    The following LDIF file shows an example of a user entry before you begin the deletion. Note that the inetUserStatus attribute is set to Active:


    dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
    icsFirstDay: 2
    uid: jsmith
    iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix
    icsTimezone: America/Denver
    givenName: John
    mail: jsmith@sesta.com
    mailUserStatus: active
    sn: Smith
    cn: John Smith
    mailDeliveryOption: mailbox
    icsStatus: Active
    icsCalendar: jsmith@sesta.com
    mailHost: mail.siroe.com
    objectClass: userpresenceprofile
    objectClass: icscalendaruser
    objectClass: top
    objectClass: iplanet-am-managed-person
    objectClass: iplanet-am-user-service
    objectClass: inetadmin
    objectClass: organizationalperson
    objectClass: person
    objectClass: inetuser
    objectClass: inetlocalmailrecipient
    objectClass: iplanetpreferences
    objectClass: ipuser
    objectClass: inetorgperson
    objectClass: inetsubscriber
    objectClass: inetmailuser
    inetUserStatus: Active
    userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw==
    iplanet-am-user-login-status: Active
  2. Use the csuser disable command to prevent the user from accessing the calendar.


    csuser disable userid
    

    This command adds the following attribute and value to the user entry:


    icsAllowedServiceAccess: http

    This step prevents the user from logging in to Calendar Server.

    Example:


    csuser disable jsmith

    where jsmith is the user ID of the user.

  3. Use the ldapmodify command to mark the messaging user for deletion.

    This step changes the user's status to “deleted” in the LDAP directory by changing the value of the user's inetUserStatus attribute to deleted.

    Example:

    1. Create the following LDIF file, named markUserDeleted.ldif:


      dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
      changetype: modify
      replace: inetuserstatus
      inetuserstatus: deleted
    2. Run the ldapmodify command:


      ldapmodify -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w '&!2x%!a5' \
        -f markUserDeleted.ldif

      The user entry now looks like this:


      dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
      icsFirstDay: 2
      uid: jsmith
      iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix
      icsTimezone: America/Denver
      givenName: John
      mail: jsmith@sesta.com
      mailUserStatus: active
      sn: Smith
      cn: John Smith
      mailDeliveryOption: mailbox
      icsStatus: Active
      icsCalendar: jsmith@sesta.com
      mailHost: mail.siroe.com
      objectClass: userpresenceprofile
      objectClass: icscalendaruser
      objectClass: top
      objectClass: iplanet-am-managed-person
      objectClass: iplanet-am-user-service
      objectClass: inetadmin
      objectClass: organizationalperson
      objectClass: person
      objectClass: inetuser
      objectClass: inetlocalmailrecipient
      objectClass: iplanetpreferences
      objectClass: ipuser
      objectClass: inetorgperson
      objectClass: inetsubscriber
      objectClass: inetmailuser
      userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw==
      inetUserStatus: deleted
      icsAllowedServiceAccess: http
      iplanet-am-user-login-status: Active
  4. Use the msuserpurge command to remove the mailbox from the user.

    The msuserpurge command finds all user entries where inetUserStatus or mailUserStatus is set to deleted and purges those user mailboxes from the message store. All resources associated with those users are also removed. msuserpurge then marks the mailUserStatus attribute in the affected user entries as “removed.”


    msuserpurge -d domain
    
    -d domain

    Specifies the domain of the user marked for deletion.

    Example:


    msuserpurge -d sesta.com

    The user entry now looks like this:


    dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
    icsFirstDay: 2
    uid: jsmith
    iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix
    icsTimezone: America/Denver
    givenName: John
    mail: jsmith@sesta.com
    sn: Smith
    cn: John Smith
    mailDeliveryOption: mailbox
    icsCalendar: jsmith@sesta.com
    mailHost: mail.siroe.com
    objectClass: userpresenceprofile
    objectClass: icscalendaruser
    objectClass: top
    objectClass: iplanet-am-managed-person
    objectClass: iplanet-am-user-service
    objectClass: inetadmin
    objectClass: organizationalperson
    objectClass: person
    objectClass: inetuser
    objectClass: inetlocalmailrecipient
    objectClass: iplanetpreferences
    objectClass: ipuser
    objectClass: inetorgperson
    objectClass: inetsubscriber
    objectClass: inetmailuser
    userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw==
    inetUserStatus: deleted
    icsStatus: removed
    mailUserStatus: removed
    icsAllowedServiceAccess: http
    iplanet-am-user-login-status: Active
  5. Use the csuser delete command to permanently remove the user entry from the LDAP directory and remove the user's default calendar from the calendar database.

    This command also deletes all secondary calendars owned by the user.

    Before you run this command, be sure that the user has not been provisioned for any applications in addition to Messaging Server, Calendar Server, and Communications Express. This step permanently removes the entire user entry from the directory, including all attributes that support applications to which the user has had access.


    csuser delete userid
    
    userid

    Specifies the user ID of the user being deleted.

    Example:


    csuser delete jsmith
  6. Delete the user from all groups (mail lists) in which the user is a member or owner.

    Use the ldapsearch command to search the directory for all groups. If, in your directory, all groups are located under ou=Groups under a single domain, you can restrict the search to the ou=Groups subtree.

    In each group, search on the following attributes:


    owner
    uniqueMember

    Delete each instance where the value is:


    uniqueMember:uid=jsmith,ou=People,o=sesta.com,o=root_suffix

    In each instance where the value is:


    owner:cn=John Smith,ou=People,o=sesta.com,o=root_suffix

    change the owner to another user.


    Note –

    Once a user is no longer specifically named as a group member or owner, the user will no longer appear in any groups, including dynamic group memberships and any nested groups.


  7. If the user created an address book in Communications Express, use LDAP tools to find and remove the personal address-book related LDAP entries.

    The LDAP data for a user's personal address book is stored in a base entry and several subordinate entries. For a sample listing, see User Data Stored in the Directory by Communications Express.

    The following steps summarize how to find and remove these entries. You might want to write your own script to automate these steps.

    1. Use the ldapsearch command to find the user's address-book base entry and all its descendants.

      The base entry is piPStoreOwner=user, where user specifies the user ID to be deleted.

      Example:


      ldapsearch -b "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb" \
        -s sub "objectclass=*" dn

      This example finds the personal address book DNs for a user named jsmith in the sesta.com domain.

    2. Use the ldapdelete command to remove each subordinate entry.

      Example:


      ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w '&!2x%!a5' \
        "piEntryID=e10976f864e00m,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"

      You might prefer not to run ldapdelete for each subordinate entry. Instead, you can create a response file based on the LDIF output generated from the preceding ldapsearch command. The response file can be used with ldapdelete to delete the multiple entries iteratively.

    3. Use the ldapdelete command to remove the user's address-book base entry.

      Example:


      ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w '&!2x%!a5' \
        "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"

      When you complete these steps, all user-related data maintained by Communications Express is removed.
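Steps 6 and 7 lend themselves to scripting; the following Python sketch is an added example, not part of the original documentation or the product's tooling. It parses the LDIF that ldapsearch prints, builds the ldapmodify input that removes the user's uniqueMember values, lists the groups whose owner must be reassigned, and orders the address-book DNs so that subordinate entries precede the base entry. All function names and the sample LDIF are constructed for illustration, and DN matching assumes no escaped commas.

```python
import base64

def parse_ldif(text):
    """Parse ldapsearch LDIF into entries: lists of (lowercased attr, value)."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # "\n " = folded line
        entry = []
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):  # "attr:: ..." carries a base64 value
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            entry.append((attr.strip().lower(), rest.strip()))
        entries.append(entry)
    return [e for e in entries if e]

def norm(dn):
    # Simplified DN match: case-insensitive, assumes no escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def group_cleanup(groups_ldif, member_dn, owner_dn):
    """Step 6: LDIF dropping the uniqueMember values; groups needing a new owner."""
    mods, reassign = [], []
    for entry in parse_ldif(groups_ldif):
        dn = next((v for a, v in entry if a == "dn"), None)
        for attr, value in entry:
            if attr == "uniquemember" and norm(value) == norm(member_dn):
                mods.append(f"dn: {dn}\nchangetype: modify\n"
                            f"delete: uniqueMember\nuniqueMember: {value}\n")
            elif attr == "owner" and norm(value) == norm(owner_dn):
                reassign.append(dn)
    return "\n".join(mods), reassign

def delete_order(addressbook_ldif):
    """Step 7: DNs sorted deepest-first, so the base entry is deleted last."""
    dns = [v for e in parse_ldif(addressbook_ldif) for a, v in e if a == "dn"]
    return sorted(dns, key=lambda d: d.count(","), reverse=True)

# Constructed sample ldapsearch output (not real data); note the folded line.
GROUPS = """dn: cn=staff,ou=Groups,o=sesta.com,o=root_suffix
uniqueMember: uid=jsmith,ou=People,o=sesta.com,
 o=root_suffix

dn: cn=sales,ou=Groups,o=sesta.com,o=root_suffix
owner: cn=John Smith,ou=People,o=sesta.com,o=root_suffix
"""
BOOK = ("dn: piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb\n\n"
        "dn: piEntryID=e10976f864e00m,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb\n")
```

The LDIF returned by group_cleanup can be applied with ldapmodify -f as in step 3, and the delete_order result, written one DN per line, can serve as the response file described in step 7. Review the reassignment list by hand, because choosing a new owner is an administrative decision.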