Support Questions

Find answers, ask questions, and share your expertise

How to delete users synced in ambari server

avatar
Expert Contributor
 
1 ACCEPTED SOLUTION

avatar

You can script it using the following python script [delete_users.py]:

import sys,json
from string import Template 
password='admin'
ambari_host='revo5.hortonworks.local'
request = Template("echo 'Removing $user_name'\ncurl --insecure -u admin:$password -H 'X-Requested-By: ambari' -X DELETE http://$ambari_host:8080/api/v1/users/$user_name")
payload = json.load(sys.stdin)
for user in payload["items"]:
    if user["Users"]["ldap_user"]:
        print request.substitute(password=password,ambari_host=ambari_host,user_name=user["Users"]["user_name"])

$ curl -u admin:admin 'http://revo5.hortonworks.local:8080/api/v1/users/?Users/user_name.matches%28.*.*%29&fields=*' > users.json

$ cat users.json | python delete_users.py > delete_users.sh

The python script will output an echo statement for the username and a curl request delete each LDAP user. You can review that shell script as it will have all of the individual curl commands to delete the LDAP users that have been sync'd into Ambari. Once you're comfortable with the list you can run it with bash and observe the process.

$ bash delete_users.sh

View solution in original post

6 REPLIES 6

avatar
Expert Contributor

How to delete all LDAP users alone using REST API ? we have 250,000 LDAP users. Cannot remove individually.

Other option : Will deleting the users from database table "users" solve this ? Does the table have any dependencies or constraints that we need to take care.

avatar
Master Mentor

@nbalaji-elangovan There is jira opened by @Paul Codding to delete users from CLI

avatar

You can script it using the following python script [delete_users.py]:

import sys,json
from string import Template 
password='admin'
ambari_host='revo5.hortonworks.local'
request = Template("echo 'Removing $user_name'\ncurl --insecure -u admin:$password -H 'X-Requested-By: ambari' -X DELETE http://$ambari_host:8080/api/v1/users/$user_name")
payload = json.load(sys.stdin)
for user in payload["items"]:
    if user["Users"]["ldap_user"]:
        print request.substitute(password=password,ambari_host=ambari_host,user_name=user["Users"]["user_name"])

$ curl -u admin:admin 'http://revo5.hortonworks.local:8080/api/v1/users/?Users/user_name.matches%28.*.*%29&fields=*' > users.json

$ cat users.json | python delete_users.py > delete_users.sh

The python script will output an echo statement for the username and a curl request delete each LDAP user. You can review that shell script as it will have all of the individual curl commands to delete the LDAP users that have been sync'd into Ambari. Once you're comfortable with the list you can run it with bash and observe the process.

$ bash delete_users.sh

avatar
Master Mentor

Thanks @Paul Codding. This needs to go into offical docs 🙂

avatar
New Contributor

Paul Coddling solution worked for me. I am using HDP 3.0.1 and was able to use this solution to remove over 800 users via the REST API.


I did have 2 conditions that I had to resolve manually:

1) for users with a $ in their name I had to escape them in the delete_users.sh script. So '...users/$somenamehere' becomes '...users/\$somenamehere'. I had 95 of these so I used vi to do a search and replace like this:

:%s/users\/\$/users\/\\$/g
2) This didn't work for users with a space in the name. I only had one like this so I replaced the space with a %20 and executed the curl command manually.


If someone had the time they could pull the statement to recreate the users.json into the python script, loop through them all and edit the names if needed and then execute the python statement. But I got this to work pretty quickly and didn't mind making the manual changes.