Deleting Messaging Server, Calendar Server, and Communications Express User Data

To completely remove Messaging Server, Calendar Server, and Communications Express user data from the LDAP directory, the steps involve:

1. Marking the user entry for deletion

2. Removing the user's resources (mailbox and calendar)

3. Purging the user entry from LDAP

4. Removing the user from groups (mailing lists)

In addition, if the user used a personal address book within Communications Express, you need to delete those entries from LDAP.

Methods for Removing Users

You should use one of these methods to remove users:

• Sun Java System Communications Services Delegated Administrator command-line tools

• LDAP tools provided by Sun Java System Directory Server

• Calendar Server utilities (for removing users of Calendar Server in non-hosted domain mode)

The procedures in this technical note describe how to use these different approaches. Each approach uses a different tool set.

Which Method Should You Use?

The method you choose depends on the Communications Services products and versions you have installed.

Removing Users (Task Map)

The following table provides links directing you to the method (task) appropriate for your installation.

Preventing Unwanted User Purges

Permanently removing a user from the LDAP directory should always be the final step in a carefully planned procedure. Once you purge a user, it can be hard to retrieve the user information from back-up data, if that should become necessary.

Therefore, each procedure described here includes a first step that disables the user. After a user is disabled, that user cannot access the applications (the mailbox or calendar), but the user entry itself remains in the directory.

A later step permanently removes the user from the directory.

You can choose to run the purge step immediately after the disable step, or you can allow a period of time to pass between these steps to ensure that no user is accidentally purged.

Delegated Administrator provides a built-in grace period, which you can reset with a simple command-line option. This is one of the advantages of using Delegated Administrator.

If you use direct LDAP tools to remove the user, you can set an administrator-managed grace period as a best practice.

To Delete Messaging Server and Calendar Server Users with Delegated Administrator Command-Line Tools

The Delegated Administrator commadmin domain purge command shown in these steps must be run by the Top-Level Administrator. (The commadmin user delete command can be run by a Top-Level Administrator or an Organization Administrator.)

Before You Begin

In the Access Manager Administration Console, be sure that the Compliance User Deletion option is selected. It is selected by default when you configure Delegated Administrator.

The Compliance User Deletion option ensures that the user's LDAP entry is marked for deletion when you run the commadmin user delete command in Step 1, below. If this option is not selected, the commadmin user delete command will not operate properly.

1. Use the commadmin command to mark the messaging and calendar user for deletion.

   This step changes the user's status to “deleted” in the LDAP directory by changing the value of the user's inetUserStatus attribute to deleted.

   commadmin user delete -D admin user -n admin domain -w password -d domain -l user

   -D admin user

   Specifies the user ID of the Top-Level Administrator (the user with permission to execute this command)

   -n admin domain

   Specifies the domain of the Top-Level Administrator

   -w password

   Specifies the password of the Top-Level Administrator

   -d domain

   Specifies the domain of the user to be deleted

   -l user

   Specifies the user ID of the user to be deleted

   Example:

   commadmin user delete -D admin -n siroe.com -w &!2x%!a5 -d sesta.com -l jsmith

2. Use the appropriate command to remove mail and calendar resources from the user.

   A resource can be a mailbox or a calendar.

   For mail services, you use the msuserpurge command. msuserpurge finds all user entries where inetUserStatus or mailUserStatus is set to deleted and purges those user mailboxes from the message store. All resources associated with those users are also removed. msuserpurge then marks the mailUserStatus attribute in the affected user entries as “removed.”

   msuserpurge -d domain

   -d domain

   Specifies the domain of the user marked for deletion

   For calendar services, you use the csclean command. csclean finds all user entries where inetUserStatus or icsStatus is set to deleted and removes all calendars belonging to the deleted users. It then marks the icsStatus attribute in the affected user entries as “removed.”

   csclean clean domain

   clean

   Mandatory argument for running the csclean command

   domain

   Specifies the domain of the user marked for deletion

   Example:

   msuserpurge -d sesta.com csclean clean sesta.com

3. Permanently remove the user entry from the directory by running the commadmin domain purge command.

   The commadmin domain purge command permanently removes all user entries that have been marked as deleted. This command also removes the user from all groups (mail lists) in which the user is a member or owner.

   commadmin domain purge -D admin user -n admin domain -w password -d domain -g grace

   -D admin user

   Specifies the user ID of the Top-Level Administrator (the user with permission to execute this command)

   -n admin domain

   Specifies the domain of the Top-Level Administrator

   -w password

   Specifies the password of the Top-Level Administrator

   -d domain

   Specifies the domain of the user to be deleted

   -g grace

   Specifies the grace period, in days, before the user is purged. Only users marked for deletion longer than the specified grace period are removed. The default value is 5 days. A 0 indicates purge immediately.

   Example:

   commadmin domain purge -D admin -n siroe.com -w &!2x%!a5 -d sesta.com -g 2

   In the preceding example, only user entries marked for deletion longer than 2 days ago are removed. If you run commadmin user delete and commadmin domain purge on the same day, you would have to set the grace period to 0 to permanently remove those users.

4. If the user created an address book in Communications Express, use LDAP tools to find and remove the personal address-book related LDAP entries.

   The LDAP data for a user's personal address book is stored in a base entry and several subordinate entries. For a sample listing, see User Data Stored in the Directory by Communications Express.

   The following steps summarize how to find and remove these entries. You might want to write your own script to automate these steps.

   1. Use the ldapsearch command to find the user's address-book base entry and all its descendants.

      The base entry is piPStoreOwner=user, where user specifies the user ID to be deleted.

      Example:

      ldapsearch -b "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb" -s sub "objectclass=*" dn

      This example finds the personal address book DNs for a user named jsmith in the sesta.com domain.

   2. Use the ldapdelete command to remove each subordinate entry.

      Example:

      ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w &!2x%!a5 "piEntryID=e10976f864e00m,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"

      You might prefer not to run ldapdelete for each subordinate entry. Instead, you can create a response file based on the LDIF output generated from the preceding ldapsearch command. The response file can be used with ldapdelete to iteratively delete the multiple entries.

   3. Use the ldapdelete command to remove the user's address-book base entry.

      Example:

      ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w &!2x%!a5 "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"

      When you complete these steps, all user-related data maintained by Communications Express is removed.

To Delete Messaging Server and Calendar Server Users with LDAP Tools

Before You Begin

You should be familiar with the syntax and operation of the LDAP tools such as ldapmodify.

1. Verify the user entry you want to delete.

   The following ldif file shows an example of a user entry before you begin the deletion. Note that the inetUserStatus attribute is active:

   dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix icsFirstDay: 2 uid: jsmith iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix icsTimezone: America/Denver givenName: John mail: jsmith@sesta.com mailUserStatus: active sn: Smith cn: John Smith mailDeliveryOption: mailbox icsStatus: Active icsCalendar: jsmith@sesta.com mailHost: mail.siroe.com objectClass: userpresenceprofile objectClass: icscalendaruser objectClass: top objectClass: iplanet-am-managed-person objectClass: iplanet-am-user-service objectClass: inetadmin objectClass: organizationalperson objectClass: person objectClass: inetuser objectClass: inetlocalmailrecipient objectClass: iplanetpreferences objectClass: ipuser objectClass: inetorgperson objectClass: inetsubscriber objectClass: inetmailuser inetUserStatus: Active userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw== iplanet-am-user-login-status: Active

2. Use the ldapmodify command to mark the messaging and calendar user for deletion.

   This step changes the user's status to “deleted” in the LDAP directory by changing the value of the user's inetUserStatus attribute to deleted.

   Example:

   1. Create the following ldif file, named markUserDeleted.ldif:

      dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix changetype: modify replace: inetuserstatus inetuserstatus: deleted

   2. Run the ldapmodify command:

      ldapmodify -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w &!2x%!a5 -f markUserDeleted.ldif

      The user entry now looks like this:

      dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix icsFirstDay: 2 uid: jsmith iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix icsTimezone: America/Denver givenName: John mail: jsmith@sesta.com mailUserStatus: active sn: Smith cn: John Smith mailDeliveryOption: mailbox icsStatus: Active icsCalendar: jsmith@sesta.com mailHost: mail.siroe.com objectClass: userpresenceprofile objectClass: icscalendaruser objectClass: top objectClass: iplanet-am-managed-person objectClass: iplanet-am-user-service objectClass: inetadmin objectClass: organizationalperson objectClass: person objectClass: inetuser objectClass: inetlocalmailrecipient objectClass: iplanetpreferences objectClass: ipuser objectClass: inetorgperson objectClass: inetsubscriber objectClass: inetmailuser userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw== inetUserStatus: deleted iplanet-am-user-login-status: Active

3. Use the appropriate command to remove mail and calendar resources from the user.

   A resource can be a mailbox or a calendar.

   For mail services, you use the msuserpurge command. msuserpurge finds all user entries where inetUserStatus or mailUserStatus is set to deleted and purges those user mailboxes from the message store. All resources associated with those users are also removed. msuserpurge then marks the mailUserStatus attribute in the affected user entries as “removed.”

   msuserpurge -d domain

   -d domain

   Specifies the domain of the user marked for deletion

   For calendar services, you use the csclean command. csclean finds all user entries where inetUserStatus or icsStatus is set to deleted and removes all calendars belonging to the deleted users. It then marks the icsStatus attribute in the affected user entries as “removed.”

   csclean clean domain

   clean

   Mandatory argument for running the csclean command

   domain

   Specifies the domain of the user marked for deletion

   Example:

   msuserpurge -d sesta.com csclean clean sesta.com

   The user entry now looks like this:

   dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix icsFirstDay: 2 uid: jsmith iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix icsTimezone: America/Denver givenName: John mail: jsmith@sesta.com sn: Smith cn: John Smith mailDeliveryOption: mailbox icsCalendar: jsmith@sesta.com mailHost: mail.siroe.com objectClass: userpresenceprofile objectClass: icscalendaruser objectClass: top objectClass: iplanet-am-managed-person objectClass: iplanet-am-user-service objectClass: inetadmin objectClass: organizationalperson objectClass: person objectClass: inetuser objectClass: inetlocalmailrecipient objectClass: iplanetpreferences objectClass: ipuser objectClass: inetorgperson objectClass: inetsubscriber objectClass: inetmailuser userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw== inetUserStatus: deleted icsStatus: removed mailUserStatus: removed iplanet-am-user-login-status: Active

4. Permanently remove the user entry from the directory.

   Example:

   1. Create the following ldif file, named deleteUser.ldif:

      uid=jsmith,ou=People,o=sesta.com,o=root_suffix

   2. Run the ldapdelete command:

      ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w &!2x%!a5 -f deleteUser.ldif

      The user entry is removed from the directory.

5. Delete the user from all groups (mail lists) in which the user is a member or owner.

   Use the ldapsearch command to search the directory for all groups. If, in your directory, all groups are located under ou=Groups under a single domain, you can restrict the search to the ou=Groups subtree.

   In each group, search on the following attributes:

   owner uniqueMember

   Delete each instance where the value is:

   uniqueMember:uid=jsmith,ou=People,o=sesta.com,o=root_suffix

   In each instance where the value is:

   owner:cn=John Smith,ou=People,o=sesta.com,o=root_suffix

   change the owner to another user.

   ---

   Note –

   Once a user is no longer specifically named as a group member or owner, the user will no longer appear in any groups, including dynamic group memberships and any nested groups.

   ---

6. If the user created an address book in Communications Express, use LDAP tools to find and remove the personal address-book related LDAP entries.

   The LDAP data for a user's personal address book is stored in a base entry and several subordinate entries. For a sample listing, see User Data Stored in the Directory by Communications Express.

   The following steps summarize how to find and remove these entries. You might want to write your own script to automate these steps.

   1. Use the ldapsearch command to find the user's address-book base entry and all its descendants.

      The base entry is piPStoreOwner=user, where user specifies the user ID to be deleted.

      Example:

      ldapsearch -b "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb" -s sub "objectclass=*" dn

      This example finds the personal address book DNs for a user named jsmith in the sesta.com domain.

   2. Use the ldapdelete command to remove each subordinate entry.

      Example:

      ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w &!2x%!a5 "piEntryID=e10976f864e00m,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"

      You might prefer not to run ldapdelete for each subordinate entry. Instead, you can create a response file based on the LDIF output generated from the preceding ldapsearch command. The response file can be used with ldapdelete to iteratively delete the multiple entries.

   3. Use the ldapdelete command to remove the user's address-book base entry.

      Example:

      ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w &!2x%!a5 "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"

      When you complete these steps, all user-related data maintained by Communications Express is removed.

To Delete Users of Calendar Server in Non-Hosted Domain Mode and Messaging Server

Use this procedure if you are running Calendar Server without hosted domains, and you are also running Messaging Server (where both Messaging Server and Calendar Server users are provisioned in the same directory).

Before You Begin

You should be familiar with the syntax and operation of the LDAP tools such as ldapmodify.

1. Verify the user entry you want to delete.

   The following ldif file shows an example of a user entry before you begin the deletion. Note that the inetUserStatus attribute is active:

   dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix icsFirstDay: 2 uid: jsmith iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix icsTimezone: America/Denver givenName: John mail: jsmith@sesta.com mailUserStatus: active sn: Smith cn: John Smith mailDeliveryOption: mailbox icsStatus: Active icsCalendar: jsmith@sesta.com mailHost: mail.siroe.com objectClass: userpresenceprofile objectClass: icscalendaruser objectClass: top objectClass: iplanet-am-managed-person objectClass: iplanet-am-user-service objectClass: inetadmin objectClass: organizationalperson objectClass: person objectClass: inetuser objectClass: inetlocalmailrecipient objectClass: iplanetpreferences objectClass: ipuser objectClass: inetorgperson objectClass: inetsubscriber objectClass: inetmailuser inetUserStatus: Active userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw== iplanet-am-user-login-status: Active

2. Use the csuser disable command to prevent the user from accessing the calendar.

   csuser disable userid

   This command adds the following attribute and value to the user entry:

   icsAllowedServiceAccess: http

   This step disables a user from being able to log in to Calendar Server.

   Example:

   csuser disable jsmith

   where jsmith is the user ID of the user.

3. Use the ldapmodify command to mark the messaging user for deletion.

   This step changes the user's status to “deleted” in the LDAP directory by changing the value of the user's inetUserStatus attribute to deleted.

   Example:

   1. Create the following ldif file, named markUserDeleted.ldif:

      dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix changetype: modify replace: inetuserstatus inetuserstatus: deleted

   2. Run the ldapmodify command:

      ldapmodify -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w &!2x%!a5 -f markUserDeleted.ldif

      The user entry now looks like this:

      dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix icsFirstDay: 2 uid: jsmith iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix icsTimezone: America/Denver givenName: John mail: jsmith@sesta.com mailUserStatus: active sn: Smith cn: John Smith mailDeliveryOption: mailbox icsStatus: Active icsCalendar: jsmith@sesta.com mailHost: mail.siroe.com objectClass: userpresenceprofile objectClass: icscalendaruser objectClass: top objectClass: iplanet-am-managed-person objectClass: iplanet-am-user-service objectClass: inetadmin objectClass: organizationalperson objectClass: person objectClass: inetuser objectClass: inetlocalmailrecipient objectClass: iplanetpreferences objectClass: ipuser objectClass: inetorgperson objectClass: inetsubscriber objectClass: inetmailuser userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw== inetUserStatus: deleted icsAllowedServiceAccess: http iplanet-am-user-login-status: Active

4. Use the msuserpurge command to remove the mailbox from the user.

   The msuserpurge command finds all user entries where inetUserStatus or mailUserStatus is set to deleted and purges those user mailboxes from the message store. All resources associated with those users are also removed. msuserpurge then marks the mailUserStatus attribute in the affected user entries as “removed.”

   msuserpurge -d domain

   -d domain

   Specifies the domain of the user marked for deletion

   Example:

   msuserpurge -d sesta.com

   The user entry now looks like this:

   dn: uid=jsmith,ou=People,o=sesta.com,o=root_suffix icsFirstDay: 2 uid: jsmith iplanet-am-modifiable-by: cn=Top-level Admin Role,o=root_suffix icsTimezone: America/Denver givenName: John mail: jsmith@sesta.com sn: Smith cn: John Smith mailDeliveryOption: mailbox icsCalendar: jsmith@sesta.com mailHost: mail.siroe.com objectClass: userpresenceprofile objectClass: icscalendaruser objectClass: top objectClass: iplanet-am-managed-person objectClass: iplanet-am-user-service objectClass: inetadmin objectClass: organizationalperson objectClass: person objectClass: inetuser objectClass: inetlocalmailrecipient objectClass: iplanetpreferences objectClass: ipuser objectClass: inetorgperson objectClass: inetsubscriber objectClass: inetmailuser userPassword: {SSHA}uSRLlYBjzFxu4f2nWtXU4XoVdExKSLcSRhYbFw== inetUserStatus: deleted icsStatus: removed mailUserStatus: removed icsAllowedServiceAccess: http iplanet-am-user-login-status: Active

5. Use the csuser delete command to permanently remove the user entry from the LDAP directory and remove the user's default calendar from the calendar database.

   This command also deletes all secondary calendars owned by the user.

   Before you run this command, be sure that the user has not been provisioned for any applications in addition to Messaging Server, Calendar Server, and Communications Express. This step permanently removes the entire user entry from the directory, including all attributes that support applications to which the user has had access.

   csuser delete userid

   userid

   Specifies the user ID of the user being deleted.

   Example:

   csuser delete jsmith

6. Delete the user from all groups (mail lists) in which the user is a member or owner.

   Use the ldapsearch command to search the directory for all groups. If, in your directory, all groups are located under ou=Groups under a single domain, you can restrict the search to the ou=Groups subtree.

   In each group, search on the following attributes:

   owner uniqueMember

   Delete each instance where the value is:

   uniqueMember:uid=jsmith,ou=People,o=sesta.com,o=root_suffix

   In each instance where the value is:

   owner:cn=John Smith,ou=People,o=sesta.com,o=root_suffix

   change the owner to another user.

   ---

   Note –

   Once a user is no longer specifically named as a group member or owner, the user will no longer appear in any groups, including dynamic group memberships and any nested groups.

   ---

7. If the user created an address book in Communications Express, use LDAP tools to find and remove the personal address-book related LDAP entries.

   The LDAP data for a user's personal address book is stored in a base entry and several subordinate entries. For a sample listing, see User Data Stored in the Directory by Communications Express.

   The following steps summarize how to find and remove these entries. You might want to write your own script to automate these steps.

   1. Use the ldapsearch command to find the user's address-book base entry and all its descendants.

      The base entry is piPStoreOwner=user, where user specifies the user ID to be deleted.

      Example:

      ldapsearch -b "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb" -s sub "objectclass=*" dn

      This example finds the personal address book DNs for a user named jsmith in the sesta.com domain.

   2. Use the ldapdelete command to remove each subordinate entry.

      Example:

      ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w &!2x%!a5 "piEntryID=e10976f864e00m,piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"

      You might prefer not to run ldapdelete for each subordinate entry. Instead, you can create a response file based on the LDIF output generated from the preceding ldapsearch command. The response file can be used with ldapdelete to iteratively delete the multiple entries.

   3. Use the ldapdelete command to remove the user's address-book base entry.

      Example:

      ldapdelete -D "uid=admin,ou=People,o=siroe.com,o=root_suffix" -w &!2x%!a5 "piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb"

      When you complete these steps, all user-related data maintained by Communications Express is removed.

To Delete Users of Stand-Alone Calendar Server in Non-Hosted Domain Mode

Use this procedure if you are running Calendar Server without hosted domains, and no other Communications Services products are provisioned in the same directory.

1. Use the csuser disable command to prevent the user from accessing the calendar.

   csuser disable userid

   This command adds the following attribute and value to the user entry:

   icsAllowedServiceAccess: http

   This step disables a user from being able to log in to Calendar Server.

   Example:

   csuser disable jsmith

   where jsmith is the user ID of the user.

2. Use the csuser delete command to permanently remove the user entry from the LDAP directory and remove the user's default calendar from the calendar database.

   This command also deletes all secondary calendars owned by the user.

   Before you run this command, be sure that the user has not been provisioned for any applications other than Calendar Server. This step permanently removes the entire user entry from the directory, including all attributes that support applications to which the user has had access.

   csuser delete userid

   userid

   Specifies the user ID of the user being deleted.

   Example:

   csuser delete jsmith

Notes on Using Delegated Administrator

Deleting Multiple Users

To mark multiple users for deletion, create an input file containing the users and run commadmin user delete with the -i option. For example:

commadmin user delete -D admin -n siroe.com -w &!2x%!a5 -d sesta.com -i deletedusers

where deletedusers is the input file listing the user entries marked for deletion. The following example shows the format of an input file:

l jsmith

l pdoe

l klee

where l is the required option that identifies user IDs, and jsmith, pdoe, and so on are the user IDs of the users to be deleted.

Deleting Mail and Calendar Services

You can delete the mail and/or calendar service only, without removing the user entry from the directory, by running commadmin user delete with either the -S mail or -S cal option.

Using the Delegated Administrator Console to Delete Users

You can also use the Delegated Administrator console to mark users for deletion:

1. In the console, navigate to the specified organization.

2. Click the Users tab (if it is not already displayed), select the users to be deleted, and click Delete.

The deleted users are removed from the console, and the users are marked for deletion in the LDAP directory.

However, you cannot use the console to remove a user entry from the directory. You must use the commadmin domain purge command to permanently remove the user entry.

Actions Performed by the Domain Purge Command

The commadmin domain purge command finds all user entries in the specified domain(s) where inetUserStatus is set to deleted. The utility then takes the following actions:

• If a user's mail and calendar services have been removed (that is, if the mailUserStatus and icsStatus attributes are set to removed), commadmin domain purge permanently removes the user entry from the directory.

• If either mailUserStatus or icsStatus for a user is not set to removed (for example, if one attribute is still set to deleted), commadmin domain purge does not purge the user entry.

• If one service attribute is set to removed but the other is not, commadmin domain purge purges the removed service, including all that service's attributes, from the user entry. It leaves the other service's attributes intact, and it leaves the user entry in the directory.

  These actions prevent a mailbox or calendar from being orphaned. The user's mailbox and calendar must be removed before commadmin domain purge will remove the user entry from the directory.

Notes on Using Messaging Server Utilities

1. You can schedule the msuserpurge command for execution with the configutil parameter local.sched.userpurge. For example:

   configutil -o local.schedule.userpurge -v "30 2 * * 0 /opt/SUNWmsgsr/lib/msuserpurge -g 20"

   In the preceding example, msuserpurge will run on Sundays at 2:30 a.m. It will remove the mailbox of every user entry marked for deletion longer than 20 days.

   For information on scheduling msuserpurge and other tasks, see “To Schedule Automatic Tasks” in the chapter, “Configuring General Messaging Capabilities” in the Sun Java System Messaging Server Administration Guide.

2. The mboxutil -d command deletes a user from the message store. However, if you follow the above procedure using the Delegated Administrator utility, you do not have to use the mboxutil -d command to delete the user's mailbox. The msuserpurge command will have already done so.

   If you are running Messaging Server 5.x, use the mboxutil -d command to delete a user's mailbox. The msuserpurge command is only available with Sun Java System Messaging Server 6.

3. The user running the msuserpurge and csclean utilities must have sufficient access to the directory to modify the LDAP entry of the user being deleted—specifically, to set the status of attributes such as mailUserStatus, icsStatus, and inetUserStatus.

User Data Stored in the Directory by Communications Express

Communications Express stores address-book data in LDAP entries under the dn o=PiServerDb. The following example shows the directory structure in which the address book entries for jsmith and other users is located:

o=PiServerDb
   o=sesta.com
     o=piPStoreOwner=jsmith
     o=piPStoreOwner=pdoe
     o=piPStoreOwner=klee

The following sample ldif file shows the LDAP entries that store address-book data for the user jsmith under the o=piPStoreOwner entry. The example includes entries for the user's personal address book, corporate directory, and personal store:

dn: piPStoreOwner=jsmith,o=sesta.com,o=PiServerDb
piDefaultAB: e10976f864e00
lastPurgeDate: 20060217T074523Z
piPStoreOwner: jsmith
objectClass: piPStoreRoot
objectClass: top

dn: piEntryID=e10976f864e00,piPStoreOwner=jsmith,o=sesta.com, o=PiServerDb
displayName: Personal Address Book
objectClass: PITYPEBOOK
objectClass: piLocalBook
objectClass: top
piEntryID: e10976f864e00
multiLineDescription: This is your Business Address Book
piBookType: abook

dn: piEntryID=e10976f865771,piPStoreOwner=jsmith,o=sesta.com, o=PiServerDb
displayName: Corporate Directory
objectClass: PITYPEBOOK
objectClass: piRemoteBook
objectClass: top
piEntryID: e10976f865771
multiLineDescription: This is your Corporate Directory
piRemotePiURL: ldap://corpdirectory
piBookType: abook

dn: piEntryID=e10976f8659f2,piPStoreOwner=jsmith,o=sesta.com, o=PiServerDb
displayName: iPlanet Applications
objectClass: PITYPEBOOK
objectClass: top
piEntryID: e10976f8659f2
piBookType: pbook

dn: piEntryID=e10976f865bd3,piPStoreOwner=jsmith,o=sesta.com, o=PiServerDb
displayName: iPlanet Personal Store
objectClass: PITYPEPROFILE
objectClass: piEntry
objectClass: top
piEntryID: e10976f865bd3
memberOfPIBook: e10976f8659f2

dn: piEntryID=e10976f8665f4,piPStoreOwner=jsmith,o=sesta.com, o=PiServerDb
displayName: iPlanet Applications
objectClass: PITYPEPROFILE
objectClass: piEntry
objectClass: top
piEntryID: e10976f8665f4
memberOfPIBook: e10976f8659f2

Further Readings

Refer to the following documentation for more information.

• The “Managing Mail Users, Mailing Lists and Domains” section in the Sun Java System Messaging Server 6 2005Q4 Administration Guide: http://docs.sun.com/app/docs/doc//819-2650/6n4u4dtna?a=view

• The “commadmin user delete” section in the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide: http://docs.sun.com/app/docs/doc//819-2658/6n4uc226h?a=view

• The “commadmin domain purge” section in the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide: http://docs.sun.com/app/docs/doc//819-2658/6n4uc226h?a=view

• The “msuserpurge” section in the Sun Java System Messaging Server 6 2005Q4 Administration Reference: http://docs.sun.com/app/docs/doc//819-2651/6n4u5ce7b?a=view

• The “csclean” section in the Sun Java System 6 2005Q4 Calendar Server Administration Guide: http://docs.sun.com/app/docs/doc//819-2433/6n4nlfjve?a=view

• The “ldapmodify” section in the Sun Java System Directory Server 5.2 2005Q1 Man Page Reference: http://docs.sun.com/app/docs/doc/817–7620/6mmu6mn8q?a=view

• The “ldapdelete” section in the Sun Java System Directory Server 5.2 2005Q1 Man Page Reference: http://docs.sun.com/app/docs/doc/817–7620/6mmu6mn8p?a=view

• The section, “To Schedule Automatic Tasks” (such as msuserpurge) in the Sun Java System Messaging Server 6 2005Q4 Administration Guide: http://docs.sun.com/app/docs/doc//819-2650/6n4u4dtnj?a=view