Mass deleting users

Hi,

First let me explain the context :

I’ve a gitlab-ce server and i’ll soon update this sever in an gitlab-ee version (educational)
I’ve only 500 licenses, so soon i’ll have to manage the number of users who will connect to the server.

The users connect to Gitlab with a local ldap.

Is anyone know if a command line exist to delete users in a shell?

If i know this type of command i’ll make a shell script who get all old users from ldap and delete them every year.

But if someone knows/do another way to delete mass users from shell with script, i’ll appreciate.

Thanxs

Hi,

To answer that, it would be helpful to know which LDAP server you’re using. Most commonly is OpenLDAP which provides CLI commands to manage it. Since a deletion is a quite severe action, I’d recommend to create a backup first and test that in a staging environment if you are not sure about it.

Example: https://www.linuxquestions.org/questions/linux-general-1/how-to-delete-user-from-my-ldap-server-by-the-command-4175542088/

One note though: The user record may be bound to a group membership, so ensure to know the LDAP structure and clean away all entries which may require multiple queries. I don’t know of a good LDAP book as resource, but I’d definitely recommend one.

If you are into programming, Perl and other languages have bindings for managing LDAP records too.

Cheers,
Michael

I well it’s openLDAP, but it does not matter, i’ll deal with this.

I just want to know if there is a command a gitlab command scriptable to delete users and let contrib in CLI?

Thanx

Hi,

ah, you don’t want to delete users from LDAP but GitLab, now I get it. There’s multiple possibilities, the most safest one is to create a personal token for an administrative account and use the REST API. There are various bindings in Perl, Python, etc. where you can filter and script even more.

First, fetch the ids of users you want to delete, then loop over the ids and fire the delete request.
https://docs.gitlab.com/ee/api/users.html#user-deletion

If that’s not sufficient, the rake console on the shell may solve the purpose as well. Starting up the console may take ages though, and is an operation on the open heart as root.

Cheers,
Michael

1 Like

HI Michael,

you don’t want to delete users from LDAP but GitLab, now I get it.

Yes that’s it! (i was not very clear!)

I talked about ldap, cause i will compare accounts in Gitlab who does not exist anymore in ldap and delete them (but keep datas projects)

I will have a look at the solution you gave.

Thanx

1 Like

Hi,

typical tired Monday after a long weekend :slight_smile: If you want to go the route with comparing, I strongly recommend to use a language other than Bash, just as Perl, Python or Ruby to work on 1) LDAP fetches 2) REST API queries. A diff sync should be doable with minimal effort.

Cheers,
Michael

Hi,

I recently migrate to Gitlab EE, and i read Somewhere that in this version, when you remove a user from your LDAP, gitlab set his status to blocked.

Can you confirm this?

Since i migrate i Saw Many old users with blocked status, and that a fact, they don’t exist anymore in my LDAP.

But if i do a test, create LDAP user, sign in gitlab, and remove from LDAP, his status does not turn to blocked.

Is there is a length of Time to wait?

Thanx

Ok in gitlab EE, every day gitlab do a ldap check and block removed ldap user.