Support Questions

nbalaji-elangov · ‎11-24-2015

pcodding · ‎11-25-2015

You can script it using the following python script [delete_users.py]:

import sys,json
from string import Template 
password='admin'
ambari_host='revo5.hortonworks.local'
request = Template("echo 'Removing $user_name'\ncurl --insecure -u admin:$password -H 'X-Requested-By: ambari' -X DELETE http://$ambari_host:8080/api/v1/users/$user_name")
payload = json.load(sys.stdin)
for user in payload["items"]:
    if user["Users"]["ldap_user"]:
        print request.substitute(password=password,ambari_host=ambari_host,user_name=user["Users"]["user_name"])

$ curl -u admin:admin 'http://revo5.hortonworks.local:8080/api/v1/users/?Users/user_name.matches%28.*.*%29&fields=*' > users.json

$ cat users.json | python delete_users.py > delete_users.sh

The python script will output an echo statement for the username and a curl request delete each LDAP user. You can review that shell script as it will have all of the individual curl commands to delete the LDAP users that have been sync'd into Ambari. Once you're comfortable with the list you can run it with bash and observe the process.

$ bash delete_users.sh

View solution in original post

nsabharwal · ‎11-24-2015

@nbalaji-elangovan

Please see this https://community.hortonworks.com/questions/2904/how-do-i-remove-ldap-accounts-from-ambari.html

nbalaji-elangov · ‎11-24-2015

How to delete all LDAP users alone using REST API ? we have 250,000 LDAP users. Cannot remove individually.

Other option : Will deleting the users from database table "users" solve this ? Does the table have any dependencies or constraints that we need to take care.

nsabharwal · ‎11-25-2015

@nbalaji-elangovan There is jira opened by @Paul Codding to delete users from CLI

pcodding · ‎11-25-2015

You can script it using the following python script [delete_users.py]:

import sys,json
from string import Template 
password='admin'
ambari_host='revo5.hortonworks.local'
request = Template("echo 'Removing $user_name'\ncurl --insecure -u admin:$password -H 'X-Requested-By: ambari' -X DELETE http://$ambari_host:8080/api/v1/users/$user_name")
payload = json.load(sys.stdin)
for user in payload["items"]:
    if user["Users"]["ldap_user"]:
        print request.substitute(password=password,ambari_host=ambari_host,user_name=user["Users"]["user_name"])

$ curl -u admin:admin 'http://revo5.hortonworks.local:8080/api/v1/users/?Users/user_name.matches%28.*.*%29&fields=*' > users.json

$ cat users.json | python delete_users.py > delete_users.sh

The python script will output an echo statement for the username and a curl request delete each LDAP user. You can review that shell script as it will have all of the individual curl commands to delete the LDAP users that have been sync'd into Ambari. Once you're comfortable with the list you can run it with bash and observe the process.

$ bash delete_users.sh

nsabharwal · ‎11-25-2015

Thanks @Paul Codding. This needs to go into offical docs 🙂

sinman · ‎04-03-2019

Paul Coddling solution worked for me. I am using HDP 3.0.1 and was able to use this solution to remove over 800 users via the REST API.

I did have 2 conditions that I had to resolve manually:

1) for users with a $ in their name I had to escape them in the delete_users.sh script. So '...users/$somenamehere' becomes '...users/\$somenamehere'. I had 95 of these so I used vi to do a search and replace like this:

:%s/users\/\$/users\/\\$/g
2) This didn't work for users with a space in the name. I only had one like this so I replaced the space with a %20 and executed the curl command manually.

If someone had the time they could pull the statement to recreate the users.json into the python script, loop through them all and edit the names if needed and then execute the python statement. But I got this to work pretty quickly and didn't mind making the manual changes.

Cloudera Community

Support Questions

How to delete users synced in ambari server