The instructions for removing a large group of external LDAP users from the Spotfire user directory depend on whether LDAP group synchronization is used:
- If LDAP user group synchronization is used, this can be done indirectly by removing a group with these users from the list of synchronized LDAP groups (in the Spotfire Config Tool). This disables all members of that group in Spotfire during the next LDAP synchronization, and they can then be removed using the 'delete-disabled-users' command.
- If LDAP group synchronization is not used for the LDAP domain where these users belong, it's still possible to achieve the same result, but a few additional steps are needed, as outlined below.
Note: The instructions below are designed to address a specific problem situation where the Spotfire user directory contains a large number of user accounts from a single LDAP domain and the Spotfire user directory is no longer synchronized with this LDAP domain.
1. Query the Spotfire Server database to retrieve all users from the LDAP domain in question, for example, DOMAINTEST:
select USER_NAME from <spotfire-schema>.USERS where DOMAIN_NAME = 'DOMAINTEST'
Extract this list of users into a text file.
2. Insert the list of users from above into a new batch file, with one line per user in which <db_username> is replaced by the user name:
config enable-user -t <spotfire-config-tool-password> --username=<db_username> --enabled=false
A text editor with automation, for example, Notepad++, can be used to create a batch command file with an enable-user command for each user on a single line. Here is a short example:
@echo off
echo Running script...
call config enable-user -t spotfire_password --username=user1 --enabled=false
call config enable-user -t spotfire_password --username=user2 --enabled=false
echo end of script
3. Open a command prompt on the Spotfire Server machine, switch to the <Spotfire-Server-Home>\tomcat\spotfire-bin\ directory and execute the script above. The output should look similar to this:
Running script...
Successfully update the status of user 'DOMAINTEST\user1' to enabled: false
Successfully update the status of user 'DOMAINTEST\user2' to enabled: false
end of script
As a result, all user accounts in the DOMAINTEST domain are now "disabled".
4. Run the following command to remove all disabled users:
config delete-disabled-users -a false -m false -p false -l false
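Step 2 can also be scripted instead of edited by hand. The following Python code is an added example, not part of the original article or of Spotfire: it builds the batch file from the exported list, emits only names that match a conservative allow-list (so characters that cmd.exe would interpret never reach the script), and takes the tool password from an environment variable instead of storing it in the file. The variable name SPOTFIRE_TOOL_PW, the function names and the sample export are assumptions.

```python
import re
import sys

# Constructed sample of the text file exported in step 1 (not real data).
SAMPLE_EXPORT = """USER_NAME
---------
user1
user2
user1
r&d
team a
"""

# Conservative allow-list. Anything else (space, & | < > ^ % " ! ...) has a
# meaning to cmd.exe when the batch file runs, so such names are not emitted.
SAFE_NAME = re.compile(r"[A-Za-z0-9._@-]+")


def parse_export(text, header="USER_NAME"):
    """Return the unique user names from the export, in their original order."""
    names = []
    for line in text.splitlines():
        name = line.strip()
        if not name or name.upper() == header or set(name) <= {"-"}:
            continue  # blank line, column header or separator row
        if name not in names:
            names.append(name)
    return names


def build_disable_script(names, password_var="SPOTFIRE_TOOL_PW"):
    """Return (batch_text, rejected) for the enable-user step."""
    lines = ["@echo off", "echo Running script..."]
    rejected = []
    for name in names:
        if SAFE_NAME.fullmatch(name):
            # %VAR% is expanded by cmd.exe at run time (assumed variable name).
            lines.append(f"call config enable-user -t %{password_var}% "
                         f"--username={name} --enabled=false")
        else:
            rejected.append(name)  # review and disable these by hand
    lines.append("echo end of script")
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    script, rejected = build_disable_script(parse_export(SAMPLE_EXPORT))
    print(script, end="")
    for name in rejected:
        print(f"skipped (needs manual review): {name!r}", file=sys.stderr)
```

Set the assumed SPOTFIRE_TOOL_PW variable in the command prompt session before running the generated batch file in step 3.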