https://community.cloudera.com/t5/Archives-of-Support-Questions/after-deleting-user-and-group-from-openLDAP-server-its-shows/m-p/211861#M78822 <P><A rel="user" href="https://community.cloudera.com/users/2827/umairkhan.html" nodeid="2827">@Umair Khan</A> </P><P>The below command you gave worked for me. </P><PRE>ambari-server sync-ldap --existing</PRE><P>you can use this option to synchronize only those entities that are in Ambari with LDAP. Users and groups will be removed from Ambari if they no longer exist in LDAP.</P><P>But,we can use <STRONG>'all' </STRONG>mode with sync-ldap, that will synchronize those entities that are in Ambari with LDAP, means syncs new entries to the ambari as well as removes entries from Ambari if they no longer exist in LDAP.</P><PRE> ambari-server sync-ldap --all</PRE><P>so, we can add and remove entries to the Ambari at the same time using single command.</P><P>Thanks.</P> Tue, 29 May 2018 14:20:39 GMT heta_desai 2018-05-29T14:20:39Z https://community.cloudera.com/t5/Archives-of-Support-Questions/after-deleting-user-and-group-from-openLDAP-server-its-shows/m-p/211859#M78820 <P>HI,</P><P>I have configured openLDAP Server. I have synced LDAP users and groups with ranger as well as ambari.</P><P> After deleting the users and groups from openLDAP server, it do not deletes from Ambari and ranger databases. </P><P>It do not allow to login using deleted user but it shows in UI. </P><P>How to automatically delete users and groups from Ambari and ranger database when users and groups are deleted from openLDAP Server ?</P><P>Thank You.</P> Mon, 28 May 2018 18:51:23 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/after-deleting-user-and-group-from-openLDAP-server-its-shows/m-p/211859#M78820 heta_desai 2018-05-28T18:51:23Z https://community.cloudera.com/t5/Archives-of-Support-Questions/after-deleting-user-and-group-from-openLDAP-server-its-shows/m-p/211860#M78821 <P>If users and groups are deleted in openLDAP server you should use 'existing' mode with ambari ldap sync:</P><PRE>ambari-server sync-ldap --existing</PRE><P><A href="https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.0.0/bk_ambari-security/content/existing_users_and_groups.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.0.0/bk_ambari-security/content/existing_users_and_groups.html</A></P> Mon, 28 May 2018 23:02:02 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/after-deleting-user-and-group-from-openLDAP-server-its-shows/m-p/211860#M78821 umair_khan 2018-05-28T23:02:02Z https://community.cloudera.com/t5/Archives-of-Support-Questions/after-deleting-user-and-group-from-openLDAP-server-its-shows/m-p/211861#M78822 <P><A rel="user" href="https://community.cloudera.com/users/2827/umairkhan.html" nodeid="2827">@Umair Khan</A> </P><P>The below command you gave worked for me. </P><PRE>ambari-server sync-ldap --existing</PRE><P>you can use this option to synchronize only those entities that are in Ambari with LDAP. Users and groups will be removed from Ambari if they no longer exist in LDAP.</P><P>But,we can use <STRONG>'all' </STRONG>mode with sync-ldap, that will synchronize those entities that are in Ambari with LDAP, means syncs new entries to the ambari as well as removes entries from Ambari if they no longer exist in LDAP.</P><PRE> ambari-server sync-ldap --all</PRE><P>so, we can add and remove entries to the Ambari at the same time using single command.</P><P>Thanks.</P> Tue, 29 May 2018 14:20:39 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/after-deleting-user-and-group-from-openLDAP-server-its-shows/m-p/211861#M78822 heta_desai 2018-05-29T14:20:39Z