We don't actually remove users as such; we disable accounts and archive their data for future reference.

Archiving the home directory

Old home directories are kept in /usr/local/data/archive/people/ on vagal. The top level in that directory is the username (e.g., darren). The next level is the machine name, which contains the user's /home/ files from that machine. To find the default home directory in LDAP, use ldapsearch -xLLL '(uid=darren)'. If they have more than one home directory (NeXT, SGI, MacOS, etc.) there will be more than one machine name.

For example, darren's former home directory on sulcus would be /usr/local/data/archive/people/darren/sulcus. You can transfer the files with rsync over ssh, for example:

ssh vagal
cd /usr/local/data/archive/people/
eval `ssh-agent`; ssh-add
mkdir -p darren/sulcus
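# -e takes one argument, so the ssh options are quoted with it (unquoted, rsync reads -c as its own checksum flag). Recent OpenSSH releases have dropped the blowfish cipher.
rsync -Sa --numeric-ids -e "ssh -c blowfish" sulcus:/home/darren /usr/local/data/archive/people/darren/sulcus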

On vastus, you probably want to copy the whole tree of their home directory as hard links, which is the same way each day's backups work. This way a large home directory is not recreated in /usr/local/data/archive/people/:

ssh vastus
cd /data/rsync-data/current/vagal/usr/local/data/archive/people/
mkdir -p darren/sulcus
# The destination is username/machine, the directory created by the mkdir above.
cp -al /data/rsync-home/current/sulcus/home/darren/ darren/sulcus/

After copying the files, add an entry in the /usr/local/data/archive/people/README, delete the home directory from the old machine, and disable the account in LDAP.
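
A check that fits between the copy and the delete, as an added example that is not part of the original procedure: it compares the live home directory with the archived copy and reports any difference. The function names manifest and verify_archive and the /mnt/sulcus path are hypothetical; it assumes sha256sum, readlink and mktemp are installed and that both trees are visible as local paths.

```shell
#!/bin/sh
# Added example: compare a live home directory with its archived copy
# before the original is deleted. Compares names, file contents and
# symlink targets; it does not compare ownership, modes or timestamps.
# Function names are hypothetical. Assumes sha256sum, readlink, mktemp.

# manifest DIR: print one sorted line per entry below DIR.
manifest() {
    (
        cd "$1" || exit 1
        # Regular files: content hash plus relative path.
        find . -type f -exec sha256sum {} + | sed 's/^/f /'
        # Symlinks: record where each one points.
        find . -type l -exec sh -c \
            'for p; do printf "l %s -> %s\n" "$p" "$(readlink "$p")"; done' \
            sh {} +
        # Directories and anything else: path only.
        find . ! -type f ! -type l | sed 's/^/o /'
    ) | LC_ALL=C sort
}

# verify_archive SRC DST: return 0 if both trees match, 1 if they
# differ (differences go to stderr), 2 if a directory is missing.
verify_archive() {
    src=$1
    dst=$2
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "verify_archive: not a directory: $src or $dst" >&2
        return 2
    fi
    a=$(mktemp) || return 2
    b=$(mktemp) || { rm -f "$a"; return 2; }
    manifest "$src" >"$a"
    manifest "$dst" >"$b"
    if diff "$a" "$b" >&2; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return "$rc"
}

# Usage, with both trees visible as local paths (constructed paths):
#   verify_archive /mnt/sulcus/home/darren \
#       /usr/local/data/archive/people/darren/sulcus/darren \
#     && echo "archive matches; safe to delete the original"
```

When the source is only reachable over ssh, the same comparison works by running manifest on each host and diffing the two outputs.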


To disable an LDAP account, move the ou=username People and Group entries to LockedPeople and LockedGroup. The easiest way to do this is with the Java LDAP Browser. Open it, expand ou=People, and find the user (you may want to go to View|Sort to alphabetize the entries). Select the ou=username entry on the left and click Edit|Move Entry... In the popup, change People to LockedPeople, check the New DN box, then click the Move button. Follow the same procedure for the Group entry.