Hello! I'm evaluating pGina to use at an organization that currently has OpenLDAP running on a Mac OS X server. I've successfully set up pGina 3 with the LDAP plugin and users can authenticate fine. I also have the local account plugin enabled so local accounts are created, and I don't have the profiles deleted on logout since all the users are laptop users and need to be able to log in and access files locally even when they aren't at the office (essentially I'm trying to mimic the behavior Mac users enjoy with mobile accounts and Mac OS X server, but without the home syncing).
Everything works great, but if I remove a user from OpenLDAP, that user can still log into the machine because there is a local account and pGina will then authenticate the user via that and not stop at an LDAP failure (so it continues down the plugin chain). Not a huge deal if I could just delete the local accounts, but being somewhat of a Windows novice, I don't see where to do that. I see in the registry there is a profile for each user, but I think that will just delete their profile settings and not the actual user.
So how does one delete a user created by pGina so users who are removed from LDAP can no longer access a machine, or is there a better way I should be doing this?
Thanks so much for any help!