Nethserver 7.3 as Domain AD - User deletion and group mail alias

Well, we can see some inconsistencies among the packages listed above.

Surely, ns7 has a new concept/use case that ns6 does not have: the remote account provider. In this case the user-deleted and group-deleted events can’t be caught.

After some months of real world experience, I’d prefer ns7 behaves exactly like ns6 on the local account provider scenario. Thus when a user/group is deleted, also local data dirs are removed.

But on remote scenario nothing can be done.

Confirmed. Mail aliases must be created manually. For the local accounts provider on a mail server, a UI enhancement during user/group creation could be adding a checkbox that enables mail alias and shared mailbox creation.

In my opinion, creating a group should create a mail alias. Great idea of @davidep to add a checkbox.

Deleting a (local) user should propose the deletion of related data (mail, nextcloud …).

Added project cards with NFR here

I totally support this, it would make the behavior more consistent.

Got it working. Do you want it only on group creation, … with no update on group-modify? We could make a checkbox and update the group alias on the group-modify event too.

What would happen when the checkbox is unchecked in group/edit panel?

pseudonym key is not created
event pseudonym-create & event sharedmailbox-create are not launched

The checkbox appears only in group creation and if dovecot is installed (mail2-server)


I agree to go with the group creation use case at first. Further use cases can be designed at a later time.

The checkbox label could be

 Create also a shared mailbox and an email address named after the group

I see one con with only the group-create event:

  • create a group and create group alias
  • remove the group
  • create it again
  • sharedmailbox-create will warn that the mailbox exists

IMHO, two ways:

  • grep and test whether the shared mailbox exists before triggering the event
  • implement a group-modify and a group-delete to expand more users as aliases of a group and/or delete the shared mailbox and the users no longer in that group.

What do you think?

Here is a prototype based on user-event

Delete resources on {user,group}-delete events
Nethserver 7.3 as Domain AD - User deletion and group mail alias - #4 by davidep

What resources to delete? Can we make a list?

vmails box
samba home ?
nextcloud ?

Do we just remove the user resources without warning, or could we make a checkbox list of resources to remove?

- user deletion, what resources you want to remove
[ ] email box
[ ] samba home
[ ] Nextcloud file

I guess that applications which need to remove data, should simply register to the delete event.

Samba, Nextcloud and homes are ok as starting point.
Maybe we could also remove the user mailbox.

It does not seem trivial for Nextcloud… this is the path

/var/lib/nethserver/nextcloud/B20B58F4-04A1-4923-8C42-2B50F9995863/files/Documents/file2
/var/lib/nethserver/nextcloud/C34FF8A0-F2BA-47F2-B3E6-5C71885C5491/files/Documents/file1

Need to find how to retrieve the username from the path

for samba, it is easy

/var/lib/nethserver/home/helene/

Hi,

I don’t really know the coding… but it should be done using the Nextcloud API.

Yes, maybe the occ command can help to sort out the user’s folder /cc @alep

Yep, something like this should do the trick

https://docs.nextcloud.com/server/13/admin_manual/configuration_user/user_auth_ldap_cleanup.html#ldap-user-cleanup

sudo -u www-data php occ user:delete [user]
removes the user’s data from the Nextcloud data directory.

[root@ns7loc ~]# su - apache -s /bin/bash -c "source /opt/rh/rh-php71/enable; cd /usr/share/nextcloud/; php occ user:list"
  - 79E2CF60-8534-4053-BE9F-32647D325179: NethServer LDAP simple auth identity (ldapservice)
  - C34FF8A0-F2BA-47F2-B3E6-5C71885C5491: de labrusse (stephane)
  - F48A756D-0992-41B3-9C1C-FD316F62005F: NethServer Administrator (admin)
  - admin: admin


[root@ns7loc ~]# su - apache -s /bin/bash -c "source /opt/rh/rh-php71/enable; cd /usr/share/nextcloud/; php occ user:list" |grep '(stephane.delabrusse)'|awk '{print $2}'|sed 's/:$//'
5F7EBACF-58B5-49AA-B8F9-A48A9A7894E8

As an alternative approach, you could also query mysql

[root@here ~]# echo "select directory_uuid from oc_ldap_user_mapping where ldap_dn like 'cn=davidep,%';" | mysql nextcloud
directory_uuid
67C77753-DFC4-4A1C-80F5-9DA9BF54674B

The query depends on the accounts provider but can be generalized as

[root@here ~]# echo "select directory_uuid from oc_ldap_user_mapping where ldap_dn like 'cn=davidep,%' or ldap_dn like 'uid=davidep,%' ;" | mysql nextcloud
directory_uuid
67C77753-DFC4-4A1C-80F5-9DA9BF54674B

Both solutions are hacks: if the table schema or the command output change we have a problem…

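An added example, not part of any post in this thread: one way to make the `occ user:list` lookup above stricter, by comparing the login literally rather than as a grep pattern and refusing an id that is not UUID-shaped before it is used anywhere near a data path. The helper name `nc_id_for_login` and the sample lines are assumptions constructed for illustration, and the line format is the one quoted in the thread.

```shell
#!/bin/sh
# Constructed sample, in the format of the `occ user:list` output quoted above.
# The last entry is a deliberately malformed id (constructed).
sample_user_list() {
cat <<'EOF'
  - 79E2CF60-8534-4053-BE9F-32647D325179: NethServer LDAP simple auth identity (ldapservice)
  - C34FF8A0-F2BA-47F2-B3E6-5C71885C5491: de labrusse (stephane)
  - 11111111-2222-3333-4444-555555555555: Constructed User (stephane2)
  - admin: admin
  - ../home: Constructed Bad Id (mallory)
EOF
}

# nc_id_for_login LOGIN (hypothetical helper): read user:list lines on stdin
# and print the id whose line ends in exactly "(LOGIN)".
# Exit 1: zero or several matches. Exit 2: the id is not UUID-shaped.
nc_id_for_login() {
    NC_LOGIN="$1" awk '
    {
        line = $0
        sub(/^[ \t]*-[ \t]*/, "", line)      # drop the "  - " bullet
        sep = index(line, ": ")              # id ends at the first ": "
        if (sep == 0) next
        id = substr(line, 1, sep - 1)
        rest = substr(line, sep + 2)
        want = "(" ENVIRON["NC_LOGIN"] ")"   # literal compare, no regex
        n = length(rest); m = length(want)
        if (n >= m && substr(rest, n - m + 1) == want) { hits++; found = id }
    }
    END {
        if (hits != 1) exit 1
        ok = (length(found) == 36 && found ~ /^[0-9A-Fa-f-]+$/ &&
              substr(found, 9, 1) == "-" && substr(found, 14, 1) == "-" &&
              substr(found, 19, 1) == "-" && substr(found, 24, 1) == "-")
        if (!ok) exit 2
        print found
    }'
}

# Stand-alone demo on the constructed sample; on a real host the input would
# be the `php occ user:list` pipeline shown in the thread.
sample_user_list | nc_id_for_login stephane
```

A delete handler built on this would stop on any non-zero exit instead of continuing with an empty or ambiguous id.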

Some extra info on this Nextcloud topic:

tk @mark_nl

Indeed, I did it the wrong way: even if I remove the data folder, the mysql data are not removed, and it breaks things, as it continues to display owned files but of course you cannot browse them anymore.

Nextcloud has some documentation on this topic; of course, on my first attempts it doesn’t work :smiley:

[root@ns7loc2 ~]# su - apache -s /bin/bash -c "source /opt/rh/rh-php71/enable; cd /usr/share/nextcloud/; php occ ldap:show-remnants"
The current PHP memory limit is below the recommended value of 512MB.
+----------------+--------------+----------+---------+------------+-----+--------+
| Nextcloud name | Display Name | LDAP UID | LDAP DN | Last Login | Dir | Sharer |
+----------------+--------------+----------+---------+------------+-----+--------+

I probably need to wait a little more; people have seen deleted users appear after a while.