Introduction

When users are deleted from an external LDAP identity source, the deletion may result in licenses remaining allocated to users that cannot be accessed in the management console.

The purpose of this task is to remove users that have been deleted in this manner (which in turn frees up any licenses consumed by the users found and cleared).

The task can be found by navigating to "Administration | Tasks", then scrolling down to the task "Clear deleted LDAP users".

Task Parameters

This task does not use any task parameters.

Editing and Scheduling the Task

Viewing and Editing Tasks

The task can be edited by left clicking on the context menu of the task and selecting "Edit".

A new window titled "Task - Edit" will now open.




Enter the name to be assigned to the task within the management console.


Enter a description of what the task will do.


The version number of the task.


This field is used to specify when the task is scheduled to execute.


This field will determine if the task schedule is enabled (if enabled the task will execute at the scheduled time).


Specifies how many times the task should be repeated after the task is executed.



import com.deepnet.das.user.LdapUser
import com.deepnet.das.history.History
import com.deepnet.das.util.ConfigLoader

// Build the CSV export file, creating the export directory if it does not exist.
def createDIRAndFile() {
    def exportFolder = ConfigLoader.getProperty('dual/export/directory')
    def sep = System.getProperty('file.separator')
    if (!exportFolder) {
        // No export directory configured: fall back to an "export" folder beside catalina.base
        def catalinaBase = System.properties.getProperty('catalina.base')
        exportFolder = catalinaBase.substring(0, catalinaBase.lastIndexOf(sep)) + sep + 'export'
    }
    def dir = new File(exportFolder)
    if (!dir.exists()) {
        // mkdirs() also creates any missing parent directories
        dir.mkdirs()
    }
    // 'yyyy' is the calendar year ('YYYY' is the week-based year and is wrong around New Year)
    return new File(exportFolder + sep + "Disabled-LDAP-Users-" + new Date().format('yyyyMMdd-HHmmss') + ".csv")
}

// Users whose LDAP attributes can no longer be completed from the directory
def us = []

def criteria = LdapUser.createCriteria()
def count = 0
def found = 0

def csv = createDIRAndFile()
csv << "userID,dn,loginName,firstName,lastName\r\n"

// Scroll through every user that is not already disabled
def scrollable = criteria.scroll {
    ne 'status', 'DISABLED'
}

while (scrollable.next()) {
    def user = scrollable.get(0)
    if (!user.completeLdapAttributes()) {
        us << user
        found++
    }

    count++

    onProgress(count, "Checking users: " + found + "/" + count)
}

count = 0

// Disable each user found and record it in the CSV export
us.each { user ->

    user.status = 'DISABLED'
    user.save()

    count++

    csv << user.userID << ","
    csv << '"' << user.dn << '",'
    csv << '"' << user.loginName << '",'
    csv << '"' << user.firstName << '",'
    csv << '"' << user.lastName << '"\r\n'

    onProgress(count, "Disabling users: " + count + "/" + us.size())
}

setEndMessage(us.size() + " users disabled")
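
The script above writes directory-supplied values straight into a CSV file that an administrator will typically open in a spreadsheet. The following is an added example, not part of the product's script, showing one way to encode those columns so that null values, embedded quotes and formula-leading characters cannot change the structure or meaning of the file; `csvField` and `csvRow` are hypothetical helper names and the sample records are constructed.

```groovy
// Added example: CSV-safe encoding for the columns exported by the task script.
// csvField and csvRow are hypothetical helpers, not part of the product API.

// Encode one value: null becomes empty, a leading spreadsheet formula trigger
// is neutralised with an apostrophe, and embedded double quotes are doubled.
def csvField = { value ->
    def s = value == null ? '' : value.toString()
    if (s && '=+-@\t\r'.contains(s.substring(0, 1))) {
        s = "'" + s
    }
    '"' + s.replace('"', '""') + '"'
}

// Join one record using the same CRLF line ending as the task script.
def csvRow = { List values -> values.collect(csvField).join(',') + '\r\n' }

// Constructed sample records (not real directory data).
def sample = [
    [userID: 101, dn: 'CN=Smith\\, Ann,OU=Staff,DC=example,DC=com',
     loginName: 'asmith', firstName: 'Ann', lastName: 'Smith'],
    [userID: 102, dn: 'CN=x,DC=example,DC=com',
     loginName: '=1+1', firstName: 'He said "hi"', lastName: null],
]

def out = new StringBuilder('userID,dn,loginName,firstName,lastName\r\n')
sample.each { u ->
    out << csvRow([u.userID, u.dn, u.loginName, u.firstName, u.lastName])
}
print out
```

In the task script, the five `csv <<` lines inside `us.each` could be replaced by a single `csv << csvRow([...])` call with the same five properties.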

Scheduling the Task

Select the "Enable Schedule" checkbox to ensure the task schedule is activated, then use the pencil icon to specify the time and frequency settings for automated task execution.

  • Tasks can be scheduled for automatic execution by selecting the "Schedule Enable" option then clicking on the icon;

    When the icon is pressed, a window titled "Schedule" will open that can be used to specify when the report is scheduled to run;


    As an example, we can schedule the report to run at 1am every weekday using the following settings;

    After clicking on the schedule details will be converted into text form and added against the report parameter "Schedule"; 

Manual Task Execution

The task can be run manually from the management console by left clicking on the context menu of the task, then selecting "Run";

A new window titled "Run Task" will then open (the window will be populated with the default task property values);



Provide a brief description that will be used to describe the purpose of the task in the audit log.


To execute the task, click the button.

  • Tasks can be run manually from the management console by left clicking on the context menu of the task, then selecting "Run";

    A new window titled "Execute Task" will then open (the window will be populated with the default task property values for this task; example below);




    Provide a brief description that will be used to describe the purpose of the task in the audit log.


    Specify the domain that assigned users of the tokens must be members of if the tokens are to be deleted by the task.

    If specified, this property will restrict token deletion to tokens that are assigned to users who are members of the selected Unit.


    If supplied this parameter specifies that only tokens with the specified Product will be deleted.



    Specifies if only inactive tokens are to be deleted when the task is run.



    Before manually running the task the system administrator has the opportunity to temporarily replace these default values (the default values will return to their original state after the task has run).

    When you have finished supplying the property settings, the task can be manually run by clicking on the button.

Example

When a user that is consuming a license has been deleted from the external directory, their details will show in the report "User use licenses", but their details in the report columns "Login Name", "First Name" and "Last Name" will be blank, and listed at the top of the report.

As can be seen from this report the user is still consuming a license and it is the purpose of this task to free the license up.

If we now run the task "Clear LDAP Users" and then rerun the "Users use licenses" report, we will discover that the entry with blank details is no longer present (and the associated license is no longer consumed).