Description:
User details are still visible in uxconsole -manage -show -user <user_id> even after <user_id> has been removed from both Active Directory and the Local Enterprise database.
Solution:
When a user is deleted from UNAB, the user remains in the UNAB cache even after being deleted from both the Active Directory user store and the UNIX local database (LDAP and/or /etc/passwd). The cached entry persists until the next time the user attempts to log in or until the UNAB cache is cleared.
This means that, although the user is deleted and it is no longer possible to log in to the endpoint as that user, any call to uxconsole -show -detail -user <user_id> will return the cached information, which includes a wealth of user details.
For instance:
/opt/CA/uxauth/bin/uxconsole -manage -show -detail -user myuser
CA ControlMinder UNAB uxconsole v12.62.0.632 - console utility
Copyright (c) 2010 CA. All rights reserved.
USER 'myuser' information
----------------------------------------------------
Type : Local User
Local Account : Enabled
Uid : 666407
Gid : 50023(basis)
Shell : /usr/bin/ksh
Home Directory : /home/myuser
Gecos : Test user
Unix Groups : 50023(basis)
All Groups : [email protected]
The situation will last for as long as nobody tries to log in as that user. However, because the above output exposes account details that could represent an information disclosure risk, it is possible to clear that information from the cache by following this procedure: