You are here

user account purge process

Submitted by melissa.zver@tr... on Tue, 09/01/2015 - 11:27

Forums:

We have our quarterly AD purge process that will be occurring next week. In our previous LP4 environment, we would have a file that we would run cptool against to purge those accounts in LP4 LDAP.
Since LP5 does not have its own LDAP and the accounts are housed in the database, how would we run the purge process within LP5?

Luminis Version:

I might take this time to re-evaluate if getting rid of accounts is necessary. We have never deleted an account in our portal (10+ years now) and have not had any issues. Are you re-using ID's or something?

That said, LP5 does have an ldap (OpenDS). You cannot log into LP5 without have the accounts provisioned inside LP5's LDAP as well as your authentication LDAP. You probably have LP5 pointed to an external authentication source, like AD or CAS backed by AD.

In terms of deleting accounts, I think you would need to use Ellucian API/SDK. I just looked over the javadocs, and DelegatingPersonService has a delete person method. I've never tried it though.

If you are able to generate an LDIPERSON xml from Banner of the users you wish to purge, you can have Luminis 5 process this file with the following flag added to the <person> tag and it will delete out the user's LP5 accounts :
<person recstatus="3">

In order to enable LP5's LDI account deletion support, you need to first update the following data integration setting via jconsole before having LP5 process the modded LDIPERSON xml file (outlined in ellucian FAQ # 1-IC0BFS) :
data.integration.incoming.provision.delete_from_external_system=true

This setting is set to 'false' w/a baseline Luminis 5 install. A 'false' setting means that Luminis 5 will disable the account, not delete it, so that you can keep the accounts in v.5 but users won't be able to log in.

Flipping this setting to 'true' then enables the v.5 LDI code to support account deletion. The LDI code will then purge out the user's LDAP account, the Liferay & Luminis 5 user data table records and any related user data from the LP5 database (ie- user roles, Sites/Communities membership, etc). So make sure that you REALLY want to support user account deletion when you change this value. I would even go so far as to recommend that you flip this setting before and after you run your account purge, to ensure that only your custom user account purge process has this ability.

Alice