To completely remove Messaging Server, Calendar Server, and Communications Express user data from the LDAP directory, the steps involve:
- Marking the user entry for deletion
- Removing the user's resources (mailbox and calendar)
- Purging the user entry from LDAP
- Removing the user from groups (mailing lists)
In addition, if the user used a personal address book within Communications Express, you need to delete those entries from LDAP.
You should use one of these methods to remove users:
- Sun Java System Communications Services Delegated Administrator command-line tools
- LDAP tools provided by Sun Java System Directory Server
- Calendar Server utilities (for removing users of Calendar Server in non-hosted domain mode)
The procedures in this technical note describe how to use these different approaches. Each approach uses a different tool set.
The method you choose depends on the Communications Services products and versions you have installed.
The following table provides links directing you to the method (task) appropriate for your installation.
Table 1 Removing Users (Task Map)
| Task Instructions | Description | Tools Recommended for This Task |
|---|---|---|
| To Delete Messaging Server and Calendar Server Users with Delegated Administrator Command-Line Tools | If you have installed Communications Services Delegated Administrator to provision users in the LDAP directory for Messaging Server, Calendar Server, and/or Communications Express, use this task. This method is the simplest. If you have installed Delegated Administrator, we recommend that you use it to remove users. | Sun Java System Communications Services Delegated Administrator command-line tools (If the user has personal address book data created through Communications Express, LDAP tools are also needed.) |
| To Delete Messaging Server and Calendar Server Users with LDAP Tools | If you have not installed Delegated Administrator and you provision users for Messaging Server, Calendar Server, and/or Communications Express with direct LDAP tools, use this task. | LDAP tools provided by Sun Java System Directory Server |
| To Delete Users of Calendar Server in Non-Hosted Domain Mode and Messaging Server | If you are running Calendar Server in non-hosted domain mode, and you are also running Messaging Server (where both Messaging Server and Calendar Server users are provisioned in the same directory), use this task. | Calendar Server utilities for users of Calendar Server in non-hosted domain mode and LDAP tools provided by Sun Java System Directory Server |
| To Delete Users of Stand-Alone Calendar Server in Non-Hosted Domain Mode | If you are running stand-alone Calendar Server in non-hosted domain mode (where no other Communications Services products are provisioned in the same directory), use this task. | Calendar Server utilities for users of Calendar Server in non-hosted domain mode |
| To Delete Messaging Server and Calendar Server Users with LDAP Tools | iPlanet Messaging Server 5.x: If you are running iPlanet Messaging Server 5.x, use this task and remove users with the direct LDAP tools. Even if you use iPlanet Delegated Administrator to provision users for Messaging Server 5.x, we recommend that you use direct LDAP tools to remove users. In this situation, the direct LDAP tools are the surest way to clean up the LDAP directory. (iPlanet Delegated Administrator, used with Messaging Server 5.x, is not the same as Communications Services Delegated Administrator, which was introduced for use with Java Enterprise System releases of Messaging Server and Calendar Server.) | LDAP tools provided by Sun Java System Directory Server |
Permanently removing a user from the LDAP directory should always be the final step in a carefully planned procedure. Once you purge a user, it can be hard to retrieve the user information from back-up data, if that should become necessary.
Therefore, each procedure described here includes a first step that disables the user. After a user is disabled, that user cannot access the applications (the mailbox or calendar), but the user entry itself remains in the directory.
A later step permanently removes the user from the directory.
You can choose to run the purge step immediately after the disable step, or you can allow a period of time to pass between these steps to ensure that no user is accidentally purged.
Delegated Administrator provides a built-in grace period, which you can reset with a simple command-line option. This is one of the advantages of using Delegated Administrator.
If you use direct LDAP tools to remove the user, you can set an administrator-managed grace period as a best practice.
The Delegated Administrator commadmin domain purge command shown in these steps must be run by the Top-Level Administrator. (The commadmin user delete command can be run by a Top-Level Administrator or an Organization Administrator.)
In the Access Manager Administration Console, be sure that the Compliance User Deletion option is selected. It is selected by default when you configure Delegated Administrator.
The Compliance User Deletion option ensures that the user's LDAP entry is marked for deletion when you run the commadmin user delete command in Step 1, below. If this option is not selected, the commadmin user delete command will not operate properly.
Use the commadmin command to mark the messaging and calendar user for deletion.
This step changes the user's status to “deleted” in the LDAP directory by changing the value of the user's inetUserStatus attribute to deleted.
```
commadmin user delete -D admin user -n admin domain -w password -d domain -l user
```
- `-D admin user`: Specifies the user ID of the Top-Level Administrator (the user with permission to execute this command)
- `-n admin domain`: Specifies the domain of the Top-Level Administrator
- `-w password`: Specifies the password of the Top-Level Administrator
- `-d domain`: Specifies the domain of the user to be deleted
- `-l user`: Specifies the user ID of the user to be deleted

Example:
```
commadmin user delete -D admin -n siroe.com -w '&!2x%!a5' -d sesta.com -l jsmith
```
Use the appropriate command to remove mail and calendar resources from the user.
A resource can be a mailbox or a calendar.
For mail services, you use the msuserpurge command. msuserpurge finds all user entries where inetUserStatus or mailUserStatus is set to deleted and purges those user mailboxes from the message store. All resources associated with those users are also removed. msuserpurge then marks the mailUserStatus attribute in the affected user entries as “removed.”
```
msuserpurge -d domain
```
- `-d domain`: Specifies the domain of the user marked for deletion
For calendar services, you use the csclean command. csclean finds all user entries where inetUserStatus or icsStatus is set to deleted and removes all calendars belonging to the deleted users. It then marks the icsStatus attribute in the affected user entries as “removed.”
```
csclean clean domain
```
- `clean`: Mandatory argument for running the csclean command
- `domain`: Specifies the domain of the user marked for deletion

Example:
```
msuserpurge -d sesta.com
csclean clean sesta.com
```
Permanently remove the user entry from the directory by running the commadmin domain purge command.
The commadmin domain purge command permanently removes all user entries that have been marked as deleted. This command also removes the user from all groups (mail lists) in which the user is a member or owner.
```
commadmin domain purge -D admin user -n admin domain -w password -d domain -g grace
```
- `-D admin user`: Specifies the user ID of the Top-Level Administrator (the user with permission to execute this command)
- `-n admin domain`: Specifies the domain of the Top-Level Administrator
- `-w password`: Specifies the password of the Top-Level Administrator
- `-d domain`: Specifies the domain of the user to be deleted
- `-g grace`: Specifies the grace period, in days, before the user is purged. Only users marked for deletion longer than the specified grace period are removed. The default value is 5 days. A 0 indicates purge immediately.

Example:
```
commadmin domain purge -D admin -n siroe.com -w '&!2x%!a5' -d sesta.com -g 2
```
In the preceding example, only user entries that were marked for deletion more than 2 days ago are removed. If you run commadmin user delete and commadmin domain purge on the same day, you must set the grace period to 0 to permanently remove those users.
If the user created an address book in Communications Express, use LDAP tools to find and remove the personal address-book related LDAP entries.
The LDAP data for a user's personal address book is stored in a base entry and several subordinate entries. For a sample listing, see User Data Stored in the Directory by Communications Express.
The following steps summarize how to find and remove these entries. You might want to write your own script to automate these steps.
Use the ldapsearch command to find the user's address-book base entry and all its descendants.
The base entry is piPStoreOwner=user, where user specifies the user ID to be deleted.
Example:
```
ldapsearch -b "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb" -s sub "objectclass=*" dn
```
This example finds the personal address book DNs for a user named jsmith in the sesta.com domain.
Use the ldapdelete command to remove each subordinate entry.
Example:
```
ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w '&!2x%!a5' "piEntryID=e10976f864e00m,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"
```
You might prefer not to run ldapdelete for each subordinate entry. Instead, you can create a response file based on the LDIF output generated from the preceding ldapsearch command. The response file can be used with ldapdelete to iteratively delete the multiple entries.
Use the ldapdelete command to remove the user's address-book base entry.
Example:
```
ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w '&!2x%!a5' "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"
```
When you complete these steps, all user-related data maintained by Communications Express is removed.
You should be familiar with the syntax and operation of the LDAP tools such as ldapmodify.
Verify the user entry you want to delete.
The following ldif file shows an example of a user entry before you begin the deletion. Note that the inetUserStatus attribute is active:
```
dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
icsFirstDay: 2
uid: jsmith
iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix
icsTimezone: America/Denver
givenName: John
mail: jsmith@sesta.com
mailUserStatus: active
sn: Smith
cn: John Smith
mailDeliveryOption: mailbox
icsStatus: Active
icsCalendar: jsmith@sesta.com
mailHost: mail.siroe.com
objectClass: userpresenceprofile
objectClass: icscalendaruser
objectClass: top
objectClass: iplanet-am-managed-person
objectClass: iplanet-am-user-service
objectClass: inetadmin
objectClass: organizationalperson
objectClass: person
objectClass: inetuser
objectClass: inetlocalmailrecipient
objectClass: iplanetpreferences
objectClass: ipuser
objectClass: inetorgperson
objectClass: inetsubscriber
objectClass: inetmailuser
inetUserStatus: Active
userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw==
iplanet-am-user-login-status: Active
```
Use the ldapmodify command to mark the messaging and calendar user for deletion.
This step changes the user's status to “deleted” in the LDAP directory by changing the value of the user's inetUserStatus attribute to deleted.
Example:
Create the following ldif file, named markUserDeleted.ldif:
```
dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
changetype: modify
replace: inetuserstatus
inetuserstatus: deleted
```
Run the ldapmodify command:
```
ldapmodify -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w '&!2x%!a5' -f markUserDeleted.ldif
```
The user entry now looks like this:
```
dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
icsFirstDay: 2
uid: jsmith
iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix
icsTimezone: America/Denver
givenName: John
mail: jsmith@sesta.com
mailUserStatus: active
sn: Smith
cn: John Smith
mailDeliveryOption: mailbox
icsStatus: Active
icsCalendar: jsmith@sesta.com
mailHost: mail.siroe.com
objectClass: userpresenceprofile
objectClass: icscalendaruser
objectClass: top
objectClass: iplanet-am-managed-person
objectClass: iplanet-am-user-service
objectClass: inetadmin
objectClass: organizationalperson
objectClass: person
objectClass: inetuser
objectClass: inetlocalmailrecipient
objectClass: iplanetpreferences
objectClass: ipuser
objectClass: inetorgperson
objectClass: inetsubscriber
objectClass: inetmailuser
userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw==
inetUserStatus: deleted
iplanet-am-user-login-status: Active
```
Use the appropriate command to remove mail and calendar resources from the user.
A resource can be a mailbox or a calendar.
For mail services, you use the msuserpurge command. msuserpurge finds all user entries where inetUserStatus or mailUserStatus is set to deleted and purges those user mailboxes from the message store. All resources associated with those users are also removed. msuserpurge then marks the mailUserStatus attribute in the affected user entries as “removed.”
```
msuserpurge -d domain
```
- `-d domain`: Specifies the domain of the user marked for deletion
For calendar services, you use the csclean command. csclean finds all user entries where inetUserStatus or icsStatus is set to deleted and removes all calendars belonging to the deleted users. It then marks the icsStatus attribute in the affected user entries as “removed.”
```
csclean clean domain
```
- `clean`: Mandatory argument for running the csclean command
- `domain`: Specifies the domain of the user marked for deletion

Example:
```
msuserpurge -d sesta.com
csclean clean sesta.com
```
The user entry now looks like this:
```
dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
icsFirstDay: 2
uid: jsmith
iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix
icsTimezone: America/Denver
givenName: John
mail: jsmith@sesta.com
sn: Smith
cn: John Smith
mailDeliveryOption: mailbox
icsCalendar: jsmith@sesta.com
mailHost: mail.siroe.com
objectClass: userpresenceprofile
objectClass: icscalendaruser
objectClass: top
objectClass: iplanet-am-managed-person
objectClass: iplanet-am-user-service
objectClass: inetadmin
objectClass: organizationalperson
objectClass: person
objectClass: inetuser
objectClass: inetlocalmailrecipient
objectClass: iplanetpreferences
objectClass: ipuser
objectClass: inetorgperson
objectClass: inetsubscriber
objectClass: inetmailuser
userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw==
inetUserStatus: deleted
icsStatus: removed
mailUserStatus: removed
iplanet-am-user-login-status: Active
```
Permanently remove the user entry from the directory.
Example:
Delete the user from all groups (mail lists) in which the user is a member or owner.
Use the ldapsearch command to search the directory for all groups. If, in your directory, all groups are located under ou=Groups under a single domain, you can restrict the search to the ou=Groups subtree.
In each group, search on the following attributes:
```
owner
uniqueMember
```
Delete each instance where the value is:
```
uniqueMember:uid=jsmith,ou=People,o=sesta.com,o=root_suffix
```
In each instance where the value is:
```
owner:cn=John Smith,ou=People,o=sesta.com,o=root_suffix
```
change the owner to another user.
Once a user is no longer specifically named as a group member or owner, the user will no longer appear in any groups, including dynamic group memberships and any nested groups.
If the user created an address book in Communications Express, use LDAP tools to find and remove the personal address-book related LDAP entries.
The LDAP data for a user's personal address book is stored in a base entry and several subordinate entries. For a sample listing, see User Data Stored in the Directory by Communications Express.
The following steps summarize how to find and remove these entries. You might want to write your own script to automate these steps.
Use the ldapsearch command to find the user's address-book base entry and all its descendants.
The base entry is piPStoreOwner=user, where user specifies the user ID to be deleted.
Example:
```
ldapsearch -b "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb" -s sub "objectclass=*" dn
```
This example finds the personal address book DNs for a user named jsmith in the sesta.com domain.
Use the ldapdelete command to remove each subordinate entry.
Example:
```
ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w '&!2x%!a5' "piEntryID=e10976f864e00m,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"
```
You might prefer not to run ldapdelete for each subordinate entry. Instead, you can create a response file based on the LDIF output generated from the preceding ldapsearch command. The response file can be used with ldapdelete to iteratively delete the multiple entries.
Use the ldapdelete command to remove the user's address-book base entry.
Example:
```
ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w '&!2x%!a5' "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"
```
When you complete these steps, all user-related data maintained by Communications Express is removed.
Use this procedure if you are running Calendar Server without hosted domains, and you are also running Messaging Server (where both Messaging Server and Calendar Server users are provisioned in the same directory).
You should be familiar with the syntax and operation of the LDAP tools such as ldapmodify.
Verify the user entry you want to delete.
The following ldif file shows an example of a user entry before you begin the deletion. Note that the inetUserStatus attribute is active:
```
dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
icsFirstDay: 2
uid: jsmith
iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix
icsTimezone: America/Denver
givenName: John
mail: jsmith@sesta.com
mailUserStatus: active
sn: Smith
cn: John Smith
mailDeliveryOption: mailbox
icsStatus: Active
icsCalendar: jsmith@sesta.com
mailHost: mail.siroe.com
objectClass: userpresenceprofile
objectClass: icscalendaruser
objectClass: top
objectClass: iplanet-am-managed-person
objectClass: iplanet-am-user-service
objectClass: inetadmin
objectClass: organizationalperson
objectClass: person
objectClass: inetuser
objectClass: inetlocalmailrecipient
objectClass: iplanetpreferences
objectClass: ipuser
objectClass: inetorgperson
objectClass: inetsubscriber
objectClass: inetmailuser
inetUserStatus: Active
userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw==
iplanet-am-user-login-status: Active
```
Use the csuser disable command to prevent the user from accessing the calendar.
```
csuser disable userid
```
This command adds the following attribute and value to the user entry:
```
icsAllowedServiceAccess: http
```
This step disables a user from being able to log in to Calendar Server.
Example:
```
csuser disable jsmith
```
where jsmith is the user ID of the user.
Use the ldapmodify command to mark the messaging user for deletion.
This step changes the user's status to “deleted” in the LDAP directory by changing the value of the user's inetUserStatus attribute to deleted.
Example:
Create the following ldif file, named markUserDeleted.ldif:
```
dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
changetype: modify
replace: inetuserstatus
inetuserstatus: deleted
```
Run the ldapmodify command:
```
ldapmodify -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w '&!2x%!a5' -f markUserDeleted.ldif
```
The user entry now looks like this:
```
dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
icsFirstDay: 2
uid: jsmith
iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix
icsTimezone: America/Denver
givenName: John
mail: jsmith@sesta.com
mailUserStatus: active
sn: Smith
cn: John Smith
mailDeliveryOption: mailbox
icsStatus: Active
icsCalendar: jsmith@sesta.com
mailHost: mail.siroe.com
objectClass: userpresenceprofile
objectClass: icscalendaruser
objectClass: top
objectClass: iplanet-am-managed-person
objectClass: iplanet-am-user-service
objectClass: inetadmin
objectClass: organizationalperson
objectClass: person
objectClass: inetuser
objectClass: inetlocalmailrecipient
objectClass: iplanetpreferences
objectClass: ipuser
objectClass: inetorgperson
objectClass: inetsubscriber
objectClass: inetmailuser
userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw==
inetUserStatus: deleted
icsAllowedServiceAccess: http
iplanet-am-user-login-status: Active
```
Use the msuserpurge command to remove the mailbox from the user.
The msuserpurge command finds all user entries where inetUserStatus or mailUserStatus is set to deleted and purges those user mailboxes from the message store. All resources associated with those users are also removed. msuserpurge then marks the mailUserStatus attribute in the affected user entries as “removed.”
```
msuserpurge -d domain
```
- `-d domain`: Specifies the domain of the user marked for deletion

Example:
```
msuserpurge -d sesta.com
```
The user entry now looks like this:
```
dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix
icsFirstDay: 2
uid: jsmith
iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix
icsTimezone: America/Denver
givenName: John
mail: jsmith@sesta.com
sn: Smith
cn: John Smith
mailDeliveryOption: mailbox
icsCalendar: jsmith@sesta.com
mailHost: mail.siroe.com
objectClass: userpresenceprofile
objectClass: icscalendaruser
objectClass: top
objectClass: iplanet-am-managed-person
objectClass: iplanet-am-user-service
objectClass: inetadmin
objectClass: organizationalperson
objectClass: person
objectClass: inetuser
objectClass: inetlocalmailrecipient
objectClass: iplanetpreferences
objectClass: ipuser
objectClass: inetorgperson
objectClass: inetsubscriber
objectClass: inetmailuser
userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw==
inetUserStatus: deleted
icsStatus: removed
mailUserStatus: removed
icsAllowedServiceAccess: http
iplanet-am-user-login-status: Active
```
Use the csuser delete command to permanently remove the user entry from the LDAP directory and remove the user's default calendar from the calendar database.
This command also deletes all secondary calendars owned by the user.
Before you run this command, be sure that the user has not been provisioned for any applications in addition to Messaging Server, Calendar Server, and Communications Express. This step permanently removes the entire user entry from the directory, including all attributes that support applications to which the user has had access.
```
csuser delete userid
```
- `userid`: Specifies the user ID of the user being deleted.

Example:
```
csuser delete jsmith
```
Delete the user from all groups (mail lists) in which the user is a member or owner.
Use the ldapsearch command to search the directory for all groups. If, in your directory, all groups are located under ou=Groups under a single domain, you can restrict the search to the ou=Groups subtree.
In each group, search on the following attributes:
```
owner
uniqueMember
```
Delete each instance where the value is:
```
uniqueMember:uid=jsmith,ou=People,o=sesta.com,o=root_suffix
```
In each instance where the value is:
```
owner:cn=John Smith,ou=People,o=sesta.com,o=root_suffix
```
change the owner to another user.
Once a user is no longer specifically named as a group member or owner, the user will no longer appear in any groups, including dynamic group memberships and any nested groups.
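The group cleanup described above, as an added example that is not part of the original technical note: a shell function that reads the LDIF returned by your ldapsearch over the groups and writes the ldapmodify input that deletes the user's uniqueMember values, while only flagging groups whose owner must be reassigned. The function names, the groups cn=staff and cn=ops, and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original note. Function names and sample data
# are constructed for illustration.

# group_cleanup_ldif MEMBER_DN OWNER_DN < groups.ldif
# Reads LDIF for group entries and prints ldapmodify input that removes
# MEMBER_DN from uniqueMember. Groups owned by OWNER_DN are only flagged in a
# comment line, because choosing the new owner is an administrator decision.
group_cleanup_ldif() {
    GC_MEMBER="$1" GC_OWNER="$2" awk '
        # Compare DNs case-insensitively, ignoring spaces around "," and "=".
        function norm(s) {
            s = tolower(s)
            gsub(/[ ]*,[ ]*/, ",", s)
            gsub(/[ ]*=[ ]*/, "=", s)
            return s
        }
        # Process one logical (already unfolded) LDIF line.
        function handle(line,    p, attr, val) {
            if (line == "") { dnline = ""; return }      # blank line ends an entry
            p = index(line, ":")
            if (p == 0) return
            attr = tolower(substr(line, 1, p - 1))
            if (attr == "dn") { dnline = line; return }  # kept verbatim, base64 or not
            val = substr(line, p + 1)
            if (substr(val, 1, 1) == ":") {              # "attr:: ..." is base64
                if (attr == "owner" || attr == "uniquemember")
                    printf "# base64 %s value not checked (%s)\n", attr, dnline
                return
            }
            sub(/^[ ]+/, "", val)
            if (attr == "uniquemember" && norm(val) == member)
                printf "%s\nchangetype: modify\ndelete: uniqueMember\nuniqueMember: %s\n\n", dnline, val
            else if (attr == "owner" && norm(val) == owner)
                printf "# owner must be reassigned (%s)\n", dnline
        }
        BEGIN { member = norm(ENVIRON["GC_MEMBER"]); owner = norm(ENVIRON["GC_OWNER"]) }
        /^ / { cur = cur substr($0, 2); next }           # folded continuation line
        { handle(cur); cur = $0 }
        END { handle(cur) }
    '
}

# Constructed sample: two groups; the second uniqueMember of cn=staff uses
# different case and spacing and is folded across two lines.
sample_groups_ldif() {
    cat <<'EOF'
dn: cn=staff,ou=Groups,o=sesta.com,o=root_suffix
objectClass: groupOfUniqueNames
owner: cn=John Smith,ou=People,o=sesta.com,o=root_suffix
uniqueMember: uid=pdoe,ou=People,o=sesta.com,o=root_suffix
uniqueMember: UID=jsmith, ou=People, o=sesta.com,
 o=root_suffix

dn: cn=ops,ou=Groups,o=sesta.com,o=root_suffix
objectClass: groupOfUniqueNames
owner: uid=klee,ou=People,o=sesta.com,o=root_suffix
uniqueMember: uid=klee,ou=People,o=sesta.com,o=root_suffix
EOF
}

# Demo: print the proposed changes for jsmith; review before running ldapmodify.
sample_groups_ldif | group_cleanup_ldif \
    "uid=jsmith,ou=People,o=sesta.com,o=root_suffix" \
    "cn=John Smith,ou=People,o=sesta.com,o=root_suffix"
```

Review the generated file before passing it to ldapmodify; the comment lines mark the groups that still need a new owner.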
If the user created an address book in Communications Express, use LDAP tools to find and remove the personal address-book related LDAP entries.
The LDAP data for a user's personal address book is stored in a base entry and several subordinate entries. For a sample listing, see User Data Stored in the Directory by Communications Express.
The following steps summarize how to find and remove these entries. You might want to write your own script to automate these steps.
Use the ldapsearch command to find the user's address-book base entry and all its descendants.
The base entry is piPStoreOwner=user, where user specifies the user ID to be deleted.
Example:
```
ldapsearch -b "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb" -s sub "objectclass=*" dn
```
This example finds the personal address book DNs for a user named jsmith in the sesta.com domain.
Use the ldapdelete command to remove each subordinate entry.
Example:
```
ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w '&!2x%!a5' "piEntryID=e10976f864e00m,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"
```
You might prefer not to run ldapdelete for each subordinate entry. Instead, you can create a response file based on the LDIF output generated from the preceding ldapsearch command. The response file can be used with ldapdelete to iteratively delete the multiple entries.
Use the ldapdelete command to remove the user's address-book base entry.
Example:
```
ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w '&!2x%!a5' "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"
```
When you complete these steps, all user-related data maintained by Communications Express is removed.
Use this procedure if you are running Calendar Server without hosted domains, and no other Communications Services products are provisioned in the same directory.
Use the csuser disable command to prevent the user from accessing the calendar.
```
csuser disable userid
```
This command adds the following attribute and value to the user entry:
```
icsAllowedServiceAccess: http
```
This step disables a user from being able to log in to Calendar Server.
Example:
```
csuser disable jsmith
```
where jsmith is the user ID of the user.
Use the csuser delete command to permanently remove the user entry from the LDAP directory and remove the user's default calendar from the calendar database.
This command also deletes all secondary calendars owned by the user.
Before you run this command, be sure that the user has not been provisioned for any applications other than Calendar Server. This step permanently removes the entire user entry from the directory, including all attributes that support applications to which the user has had access.
```
csuser delete userid
```
- `userid`: Specifies the user ID of the user being deleted.

Example:
```
csuser delete jsmith
```
To mark multiple users for deletion, create an input file containing the users and run commadmin user delete with the -i option. For example:
```
commadmin user delete -D admin -n siroe.com -w '&!2x%!a5' -d sesta.com -i deletedusers
```
where deletedusers is the input file listing the user entries marked for deletion. The following example shows the format of an input file:
```
l jsmith
l pdoe
l klee
```
where l is the required option that identifies user IDs, and jsmith, pdoe, and so on are the user IDs of the users to be deleted.
You can delete the mail and/or calendar service only, without removing the user entry from the directory, by running commadmin user delete with either the -S mail or -S cal option.
You can also use the Delegated Administrator console to mark users for deletion:
In the console, navigate to the specified organization.
Click the Users tab (if it is not already displayed), select the users to be deleted, and click Delete.
The deleted users are removed from the console, and the users are marked for deletion in the LDAP directory.
However, you cannot use the console to remove a user entry from the directory. You must use the commadmin domain purge command to permanently remove the user entry.
The commadmin domain purge command finds all user entries in the specified domain(s) where inetUserStatus is set to deleted. The utility then takes the following actions:
- If a user's mail and calendar services have been removed (that is, if the mailUserStatus and icsStatus attributes are set to removed), commadmin domain purge permanently removes the user entry from the directory.
- If either mailUserStatus or icsStatus for a user is not set to removed (for example, if one attribute is still set to deleted), commadmin domain purge does not purge the user entry.
- If one service attribute is set to removed but the other is not, commadmin domain purge purges the removed service, including all that service's attributes, from the user entry. It leaves the other service's attributes intact, and it leaves the user entry in the directory.
These actions prevent a mailbox or calendar from being orphaned. The user's mailbox and calendar must be removed before commadmin domain purge will remove the user entry from the directory.
You can schedule the msuserpurge command for execution with the configutil parameter local.schedule.userpurge. For example:
```
configutil -o local.schedule.userpurge -v "30 2 * * 0 /opt/SUNWmsgsr/lib/msuserpurge -g 20"
```
In the preceding example, msuserpurge will run on Sundays at 2:30 a.m. It will remove the mailbox of every user entry marked for deletion longer than 20 days.
For information on scheduling msuserpurge and other tasks, see “To Schedule Automatic Tasks” in the chapter, “Configuring General Messaging Capabilities” in the Sun Java System Messaging Server Administration Guide.
The mboxutil -d command deletes a user from the message store. However, if you follow the above procedure using the Delegated Administrator utility, you do not have to use the mboxutil -d command to delete the user's mailbox. The msuserpurge command will have already done so.
If you are running Messaging Server 5.x, use the mboxutil -d command to delete a user's mailbox. The msuserpurge command is only available with Sun Java System Messaging Server 6.
The user running the msuserpurge and csclean utilities must have sufficient access to the directory to modify the LDAP entry of the user being deleted—specifically, to set the status of attributes such as mailUserStatus, icsStatus, and inetUserStatus.
Communications Express stores address-book data in LDAP entries under the dn o=PiServerDb. The following example shows the directory structure in which the address book entries for jsmith and other users are located:
```
o=PiServerDb
    o=sesta.com
        o=piPStoreOwner=jsmith
        o=piPStoreOwner=pdoe
        o=piPStoreOwner=klee
```
The following sample ldif file shows the LDAP entries that store address-book data for the user jsmith under the o=piPStoreOwner entry. The example includes entries for the user's personal address book, corporate directory, and personal store:
```
dn: piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb
piDefaultAB: e10976f864e00
lastPurgeDate: 20060217T074523Z
piPStoreOwner: jsmith
objectClass: piPStoreRoot
objectClass: top

dn: piEntryID=e10976f864e00,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb
displayName: Personal Address Book
objectClass: PITYPEBOOK
objectClass: piLocalBook
objectClass: top
piEntryID: e10976f864e00
multiLineDescription: This is your Business Address Book
piBookType: abook

dn: piEntryID=e10976f865771,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb
displayName: Corporate Directory
objectClass: PITYPEBOOK
objectClass: piRemoteBook
objectClass: top
piEntryID: e10976f865771
multiLineDescription: This is your Corporate Directory
piRemotePiURL: ldap://corpdirectory
piBookType: abook

dn: piEntryID=e10976f8659f2,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb
displayName: iPlanet Applications
objectClass: PITYPEBOOK
objectClass: top
piEntryID: e10976f8659f2
piBookType: pbook

dn: piEntryID=e10976f865bd3,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb
displayName: iPlanet Personal Store
objectClass: PITYPEPROFILE
objectClass: piEntry
objectClass: top
piEntryID: e10976f865bd3
memberOfPIBook: e10976f8659f2

dn: piEntryID=e10976f8665f4,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb
displayName: iPlanet Applications
objectClass: PITYPEPROFILE
objectClass: piEntry
objectClass: top
piEntryID: e10976f8665f4
memberOfPIBook: e10976f8659f2
```
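The address-book removal steps in the procedures above delete every subordinate entry before the base entry. As an added example that is not part of the original technical note, this shell function turns the ldapsearch output into a response file ordered deepest-first, and refuses input that contains a DN outside the user's piPStoreOwner subtree or a base64-encoded DN it cannot check. The function names and the sample LDIF (built from the jsmith listing above, with one folded DN line) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original note. Function names and sample data
# are constructed for illustration.

# pab_delete_order BASE_DN < ldapsearch-output.ldif
# Prints the DNs found in the LDIF, one per line, deepest entries first and
# the base entry last, so every subordinate entry is deleted before its parent.
# Returns 2 on a base64-encoded DN (dn::) and 3 on a DN that is neither
# BASE_DN nor below it; in both cases nothing is printed.
pab_delete_order() {
    tab=$(printf '\t')
    out=$(PAB_BASE="$1" awk '
        # Handle one logical (already unfolded) LDIF line.
        function emit(line,    dn, s, tail) {
            if (line ~ /^dn::/) { bad = 2; return }
            if (line !~ /^dn:/) return
            dn = line
            sub(/^dn:[ ]*/, "", dn)
            # Safety check: only the base entry or its descendants are allowed.
            s = tolower(dn)
            tail = "," base
            if (s != base && substr(s, length(s) - length(tail) + 1) != tail) {
                bad = 3
                return
            }
            # Depth = number of unescaped commas in the DN.
            s = dn
            gsub(/\\,/, "", s)
            printf "%d\t%s\n", gsub(/,/, ",", s), dn
        }
        BEGIN { base = tolower(ENVIRON["PAB_BASE"]) }
        /^ / { cur = cur substr($0, 2); next }   # folded continuation line
        { emit(cur); cur = $0 }
        END { emit(cur); exit bad + 0 }
    ') || return $?
    [ -n "$out" ] || return 0
    printf '%s\n' "$out" | LC_ALL=C sort -t "$tab" -k1,1nr -k2 | cut -f2-
}

# Constructed sample of "ldapsearch ... dn" output: the base entry comes
# first, and the last DN is folded the way LDIF wraps long lines.
sample_pab_ldif() {
    cat <<'EOF'
version: 1
dn: piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb

dn: piEntryID=e10976f864e00,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb

dn: piEntryID=e10976f865771,piPStoreOwner=jsmith,o=sesta.com,
 o=PiServerDb
EOF
}

# Demo: print the deletion order for jsmith's address book.
sample_pab_ldif | pab_delete_order "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"
```

Save the output as the response file for ldapdelete only when the function returns 0.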
Refer to the following documentation for more information.
The “Managing Mail Users, Mailing Lists and Domains” section in the Sun Java System Messaging Server 6 2005Q4 Administration Guide: http://docs.sun.com/app/docs/doc//819-2650/6n4u4dtna?a=view
The “commadmin user delete” section in the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide: http://docs.sun.com/app/docs/doc//819-2658/6n4uc226h?a=view
The “commadmin domain purge” section in the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide: http://docs.sun.com/app/docs/doc//819-2658/6n4uc226h?a=view
The “msuserpurge” section in the Sun Java System Messaging Server 6 2005Q4 Administration Reference: http://docs.sun.com/app/docs/doc//819-2651/6n4u5ce7b?a=view
The “csclean” section in the Sun Java System 6 2005Q4 Calendar Server Administration Guide: http://docs.sun.com/app/docs/doc//819-2433/6n4nlfjve?a=view
The “ldapmodify” section in the Sun Java System Directory Server 5.2 2005Q1 Man Page Reference: http://docs.sun.com/app/docs/doc/817-7620/6mmu6mn8q?a=view
The “ldapdelete” section in the Sun Java System Directory Server 5.2 2005Q1 Man Page Reference: http://docs.sun.com/app/docs/doc/817-7620/6mmu6mn8p?a=view
The section, “To Schedule Automatic Tasks” (such as msuserpurge) in the Sun Java System Messaging Server 6 2005Q4 Administration Guide: http://docs.sun.com/app/docs/doc//819-2650/6n4u4dtnj?a=view