Deleting Records
You can use the Inspector in Workgroup Manager to delete a record.
WARNING: After using the Inspector to delete user or computer records, use
command-line tools to delete the corresponding Kerberos identity and Password
Server slot. If you leave an orphaned Kerberos identity or Password Server slot, it can
conflict with a user or computer record created later.
WARNING: Deleting records can cause the server to behave erratically or stop working.
Don’t delete records unless you know they’re not needed for proper server functioning.
To delete records with the Inspector:
1 Open Workgroup Manager and make the Inspector visible if it is hidden.
For more information, see “Showing the Directory Inspector” on page 182.
2 Open the directory domain where you want to delete a record, and authenticate as an
administrator of the domain.
To open a directory domain, click the small globe icon above the list of users and
choose from the pop-up menu.
3 Click the All Records button (next to the Computer Group button) and then from the
pop-up menu at the top of the list choose a record type.
4 In the list of records, select records you want to delete.
5 Click Delete (or choose Server > Delete Selected Records).
Deleting Users or Computers Using Inspector or the Command Line
If you use the Inspector in Workgroup Manager or command-line tools in Terminal to
delete a user or computer record whose AuthenticationAuthority attribute includes
a Password Server or Kerberos value, delete the corresponding Kerberos identity and
Password Server slot.
If you leave an orphaned Kerberos identity in the Kerberos KDC or an orphaned
Password Server slot, it can conflict with a user or computer record created later.
If the AuthenticationAuthority attribute includes a value beginning with ;Kerberosv5;
use the delete_principal command of the kadmin.local command-line tool in
Terminal to delete the corresponding Kerberos identity from the Kerberos KDC. For
more information, see the kadmin.local man page.
If the AuthenticationAuthority attribute includes a value beginning with
;ApplePasswordServer; use the -deleteslot command of the mkpassdb
command-line tool in Terminal to delete the corresponding Password Server slot.
For more information, see the mkpassdb man page.
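The cleanup described above, as an added example that is not part of the original guide: a dry-run script that reads a deleted record's AuthenticationAuthority values and prints the matching kadmin.local or mkpassdb command without running it. The field layouts in the comments, the hexadecimal slot ID format, and the sample values are assumptions, not taken from this page.

```shell
#!/bin/sh
# Added example (not from the guide). Reads the AuthenticationAuthority values
# of a deleted record on stdin, one per line, and PRINTS the cleanup commands.
# Assumed value layouts (not stated on this page):
#   ;Kerberosv5;<slot ID>;<principal>@<REALM>;<REALM>;<public key>
#   ;ApplePasswordServer;<slot ID>,<public key>:<server address>
cleanup_commands() {
    while IFS= read -r value; do
        case "$value" in
        ';Kerberosv5;'*)
            # Field 4 of the ';'-separated value is the principal name.
            principal=$(printf '%s\n' "$value" | cut -d';' -f4)
            case "$principal" in
            ''|*[!A-Za-z0-9._/@-]*)
                printf '# skipped, unexpected principal: %s\n' "$value" ;;
            *@*)
                printf 'kadmin.local -q "delete_principal %s"\n' "$principal" ;;
            *)
                printf '# skipped, unexpected principal: %s\n' "$value" ;;
            esac ;;
        ';ApplePasswordServer;'*)
            # Field 3 begins with the slot ID, which ends at the first comma.
            slot=$(printf '%s\n' "$value" | cut -d';' -f3 | cut -d',' -f1)
            case "$slot" in
            0x|0x*[!0-9a-fA-F]*)
                printf '# skipped, unexpected slot ID: %s\n' "$value" ;;
            0x*)
                printf 'mkpassdb -deleteslot %s\n' "$slot" ;;
            *)
                printf '# skipped, unexpected slot ID: %s\n' "$value" ;;
            esac ;;
        *) : ;;  # other authority types: nothing to remove with these two tools
        esac
    done
}

# Constructed sample values (placeholders, not from a real directory).
cleanup_commands <<'EOF'
;ApplePasswordServer;0x0123456789abcdef0123456789abcdef,1024 35 1234567 root@od.example.com:192.0.2.10
;Kerberosv5;0x0123456789abcdef0123456789abcdef;alice@OD.EXAMPLE.COM;OD.EXAMPLE.COM;1024 35 1234567 root@od.example.com:192.0.2.10
;ShadowHash;
EOF
```

Save the record's AuthenticationAuthority values before deleting it, then review the printed commands and run them on the Open Directory master as root.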
184 Chapter 9 Maintaining Open Directory Services