Mass Delete Users from UTM

I am running version 9.201-25. So basically what happened: when I set up AD sync, it synced way too many accounts and the backend sync just kills the box. I need to be able to clear out all the remote users and have them built as authenticated. When I attempt to delete users from the Webadmin UI, it gives a message after 30 seconds asking if you want to wait another 30 seconds. Then, I assume, it times out altogether. If I SSH in and watch the TOP services, the Confd will spike at 100% CPU and then after the timeout goes away. So I think it just gives up. It looks like I cannot delete more than 10 users within the time window. Unfortunately I did not back up the config before the sync and am trying to avoid resetting back to factory as I have configured a bunch of firewall objects and rules. Is there any way to clear out these users without having to start from the beginning? Any help is appreciated.


  • The following is a Perl script that I haven't used in a couple of years, so be warned that it is not tested on current v9.1+ versions of UTM. Use at your own risk. It's designed to delete any User accounts using backend/remote auth.

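    #!/usr/bin/perl
    use warnings;
    use strict;

    use Astaro::ConfdPlRPC;

    # Connect to confd and take the configuration lock before changing anything.
    my $confd = Astaro::ConfdPlRPC->new or die 'cannot connect';

    $confd->lock or die 'cannot lock';

    # Walk every aaa/user object and skip those that are not remotely authenticated.
    for my $user (@{ $confd->get_objects(qw(aaa user)) }) {
      next if $user->{data}{authentication} ne 'remote';
      print "removing $user->{data}{name} ... ";
      # Renew the lock on each iteration so it is still held on long runs.
      $confd->refresh_lock;
      my $ret = $confd->del_object($user->{ref});
      if ($ret) {
        print "ok\n";
      } else {
        # Stop at the first failed delete and exit without committing.
        print "failed, aborting\n";
        $confd->disconnect;
        exit 1;
      }
    }

    # Commit the deletions only after every delete succeeded.
    $confd->commit or die 'cannot commit';
    $confd->disconnect;

    exit 0;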
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
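
A read-only preview of what the script above would select, added here as an example; it is not part of the thread and not Sophos code. It uses only the confd calls shown in the post (untested on current UTM versions, like the original), and the `select_remote_users` and `load_users` helpers and the sample objects are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): dry run for the deletion script above.
# It never calls lock, del_object or commit.
use strict;
use warnings;

# Same filter as the posted script, except that an object with no
# 'authentication' field is treated as "not remote" instead of raising
# an uninitialized-value warning.
sub select_remote_users {
    my ($objects) = @_;
    return [ grep {
        my $auth = $_->{data}{authentication};
        defined $auth && $auth eq 'remote';
    } @$objects ];
}

sub load_users {
    # On the UTM: read live objects with the calls the posted script uses.
    if (eval { require Astaro::ConfdPlRPC; 1 }) {
        my $confd = Astaro::ConfdPlRPC->new or die 'cannot connect';
        my $users = $confd->get_objects(qw(aaa user));
        $confd->disconnect;
        return $users;
    }
    # Off-box fallback: constructed sample objects (names, refs and the
    # 'local' value are made up) in the shape the posted script reads.
    return [
        { ref => 'REF_SampleLocal',  data => { name => 'admin', authentication => 'local' } },
        { ref => 'REF_SampleRemote', data => { name => 'jdoe',  authentication => 'remote' } },
        { ref => 'REF_SampleNoAuth', data => { name => 'legacy' } },
    ];
}

my $users  = load_users();
my $remote = select_remote_users($users);

printf "%d of %d user objects use remote authentication\n",
    scalar @$remote, scalar @$users;
print "would remove: $_->{data}{name} ($_->{ref})\n" for @$remote;
```

Comparing the printed count and names against what the AD sync was expected to create shows the scope of a deletion before anything is locked or committed.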
  • Hi,

    Where should the script be placed to run?

    Can it be run from the admin webpage?

    BR

    Oliver

  • Hallo Oliver,

    I'd be hesitant to run that old script in a business setting.  I would recommend getting a case open with Sophos Support and having them run a current script just in case there were changes.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA