How to permanently remove accounts remaining after removing passwd file?



I am in the process of rebuilding my dev environment, and am taking over an existing search-head that wasn't being used. I upgraded to 6.1.3, and then renamed the passwd file, so that all the old accounts were removed. However, there are still a number of ldap-based accounts appearing, and if I try to delete them via the gui, a message appears saying that "user account does not exist". Is there another place where they need to be removed from? I looked in the passwd file, and they are not present.

Tags (2)

Splunk Employee
Splunk Employee

As far as I understand the docs directories in etc/users are automatically created as long as you can successfully log in via LDAP.



0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!