Created 11-24-2015 06:17 PM
Created 11-25-2015 05:21 AM
You can script it using the following python script [delete_users.py]:
import sys,json from string import Template password='admin' ambari_host='revo5.hortonworks.local' request = Template("echo 'Removing $user_name'\ncurl --insecure -u admin:$password -H 'X-Requested-By: ambari' -X DELETE http://$ambari_host:8080/api/v1/users/$user_name") payload = json.load(sys.stdin) for user in payload["items"]: if user["Users"]["ldap_user"]: print request.substitute(password=password,ambari_host=ambari_host,user_name=user["Users"]["user_name"])
$ curl -u admin:admin 'http://revo5.hortonworks.local:8080/api/v1/users/?Users/user_name.matches%28.*.*%29&fields=*' > users.json
$ cat users.json | python delete_users.py > delete_users.sh
The python script will output an echo statement for the username and a curl request delete each LDAP user. You can review that shell script as it will have all of the individual curl commands to delete the LDAP users that have been sync'd into Ambari. Once you're comfortable with the list you can run it with bash and observe the process.
$ bash delete_users.sh
Created 11-24-2015 06:21 PM
Created 11-24-2015 06:32 PM
How to delete all LDAP users alone using REST API ? we have 250,000 LDAP users. Cannot remove individually.
Other option : Will deleting the users from database table "users" solve this ? Does the table have any dependencies or constraints that we need to take care.
Created 11-25-2015 02:41 AM
@nbalaji-elangovan There is jira opened by @Paul Codding to delete users from CLI
Created 11-25-2015 05:21 AM
You can script it using the following python script [delete_users.py]:
import sys,json from string import Template password='admin' ambari_host='revo5.hortonworks.local' request = Template("echo 'Removing $user_name'\ncurl --insecure -u admin:$password -H 'X-Requested-By: ambari' -X DELETE http://$ambari_host:8080/api/v1/users/$user_name") payload = json.load(sys.stdin) for user in payload["items"]: if user["Users"]["ldap_user"]: print request.substitute(password=password,ambari_host=ambari_host,user_name=user["Users"]["user_name"])
$ curl -u admin:admin 'http://revo5.hortonworks.local:8080/api/v1/users/?Users/user_name.matches%28.*.*%29&fields=*' > users.json
$ cat users.json | python delete_users.py > delete_users.sh
The python script will output an echo statement for the username and a curl request delete each LDAP user. You can review that shell script as it will have all of the individual curl commands to delete the LDAP users that have been sync'd into Ambari. Once you're comfortable with the list you can run it with bash and observe the process.
$ bash delete_users.sh
Created 11-25-2015 11:15 AM
Thanks @Paul Codding. This needs to go into offical docs 🙂
Created 04-03-2019 09:09 PM
Paul Coddling solution worked for me. I am using HDP 3.0.1 and was able to use this solution to remove over 800 users via the REST API.
I did have 2 conditions that I had to resolve manually:
1) for users with a $ in their name I had to escape them in the delete_users.sh script. So '...users/$somenamehere' becomes '...users/\$somenamehere'. I had 95 of these so I used vi to do a search and replace like this:
:%s/users\/\$/users\/\\$/g
2) This didn't work for users with a space in the name. I only had one like this so I replaced the space with a %20 and executed the curl command manually.
If someone had the time they could pull the statement to recreate the users.json into the python script, loop through them all and edit the names if needed and then execute the python statement. But I got this to work pretty quickly and didn't mind making the manual changes.