Mass Deleting Users in LSF 9

I have now tested this, and it does remove all of security for a user. I checked LDAP (I use an LDAP browser), LAUA (we still use it), and LS before and after running the loadusers -u, and every piece was removed. I also confirmed with Lawson that this would take care of everything with no other steps needed.

This will make for a nice simple cleanup of accounts...much easier than I thought it was going be.

Posted By TBonney on 05/07/2010 01:30 PM
Cindy,

Thank you for your post. Sorry for the confusion on my last post. I know that the -f switch simply referes the job to look to the designated file for input. I am familiar with using this switch with the loadusers utility to load users. That is how we add most of our new users. I had thought that one of the previous posts stated there was simply a different switch to be used to delete users as opossed to loading them.

However, based on your post, in order to use the same utility to delete users, is it as simple as updating the xml file with blank elements, except for the user id element as you've shown?

Thank you for any additional guidance you might provide.

Yes - it was that simple.
This is the contents of the file that I used in the loadusers command.

<?xml version="1.0" encoding="iso-8859-1"?>
<xml>
<USERDATA>
<USER id="invalid"/>
<USER id="testrmid1"/>
<USER id="testrmid2"/>
<USER id="testrmid3"/>
</USERDATA>
<IDENTITIES>
</IDENTITIES>
</xml>

As you can see, I also tested what would happen with an invalid account in the file, and it had no impact whatsoever...all valid accounts were removed. Also, case did not matter on the RMIDs - upper and lower both worked.

I thought that the delete would have the -u switch that the add users does not have..

I understand that the command to add looks like this:

loadusers -f filename.xml -p PRODUCTLINE

the one to remove looks like this:

loadusers -f filename.xml -p PRODUCTLINE -u

Posted By beverly godwin on 05/10/2010 05:03 PM
I thought that the delete would have the -u switch that the add users does not have..

I understand that the command to add looks like this:

loadusers -f filename.xml -p PRODUCTLINE

the one to remove looks like this:

loadusers -f filename.xml -p PRODUCTLINE -u

Sorry - I didn't include the command in my post. The command that I used was:

loadusers -f filename.xml -u


The contents of the .xml file is shown in my previous post.
Also, I did not use a product line parameter.

I'm not on the new lawson security (we still use LAUA). I'm not deleting users that are business users found in LAUA though...I'm only mass removing some termed employees that only use the system for EMSS. They all use a privledged ID UFP\ONLINE to get their security. It looks like I can just use the User ID to remove these, but would I also need to have the identiy info in the file also if I want the identity record with employee # and co. # gone also?

<?xml version="1.0" encoding="ISO-8859-1" ?>
<XML>
<ROLEDATA>
</ROLEDATA>
<GROUPDATA>
</GROUPDATA>
<USERDATA>
<USER ID = "chabib"/>
<USER ID = "phaeberle"/>
<USER ID = "bhagan"/>
<USER ID = "SharonP"/>
</USERDATA>
<IDENTITIES>
<IDENTITY ID="chabib"/>
<IDENTITY ID="phaeberle"/>
<IDENTITY ID="bhagan"/>
<IDENTITY ID="SharonP"/>
</IDENTITIES>
</XML>

what about clearing out their LAUA data if any? or etc passwd data too? the coordination of these tasks is important. isn't it?

Hi Cindy

For clarity  the -u option will remove users from LDAP.  Will it also clean up their security classes from LAUA too?   If they have an entry in /etc/passwd will that remove that too?

Thanks in advance for clarifying this

Dean-O

what happens to any jobs and print mgr files they may have had?