pGina 3 Delete pGina Created User

[Joel Kline]

Hello! I'm evaluating pGina to use at an organization that currently has OpenLDAP running on a Mac OS X server. I've successfully setup pGina 3 with the LDAP plugin and users can authenticate fine. I also have the local account plugin enabled so local accounts are created, and I don't have the profiles deleted on logout since all the users are laptop users, and need to be able to login and access files locally even when they aren't at the office (essentially I'm trying to mimic the behavior Mac users enjoy with mobile accounts and Mac OS X server, but without the home syncing).

Everything works great, but if I remove a user from OpenLDAP, that user can still log into the machine because there is a local account and pGina will then authenticate the user via that and not stop at a LDAP failure (so it continues down the plugin chain). Not a huge deal if I could just delete the local accounts, but being somewhat of a Windows novice, I don't see where to do that. I see in the registry there is a profile for each user, but I think that will just delete their profile settings and not the actual user.

So how does one delete a user created by pGina so users who are removed from LDAP can no longer access a machine or is there a better way I should be doing this?

Thanks so much for any help!

[David Wolff]

Hi Joel,

Welcome to the mailing list!  There are several ways to delete a local account.

1.  Use the "Computer Management" utility.

2.  Use the "net" command at an administrator command line (net user username /delete).  You'll also need to manually delete the files for this user under C:\Users\username

3.  The user accounts control panel utility.

Cheers,

David

[Chirankur Choudhury]

Hi Joel,
I'm facing the same issue, pGina is creating a local account on the system and even after deleting the ldap account user can still login on that account.? have you found a workaround for that ? please Share some insights.

Regards,
Chirankur Choudhury