How to fully delete a user when using AD?

I can’t find a way to fully delete a user when using AD. The “delete user” inside the admin UI tells me “Not allowed: the user account system is read-only.” If I just delete the user through the AD, the user itself gets deleted, however everything else in the database stays there. This means pubsub tables, roster subscriptions and so on.

I tried deleting it through the REST API plugin in order to try to fully delete it (“plugins/restapi/v1/users/username”), but I get status 405 Method Not Allowed, which I suppose is because of the AD.

I would appreciate some input, thanks!

This, sadly, isn’t possible with the existing version of Openfire (4.7.5). I have put some thought into this before (shown below), but never found the time to implement this.

I was playing with the idea of basing ‘user deletion’ for read-only providers on:

  • a new API (exposed by a new REST API endpoint) that can be used to signal that a user is being deleted, or has been deleted. This should clean up most references in Rosters, MUCs, pubsub nodes, VCards and Offline Messages.
  • a periodic check that evaluates if users that have at one point existed still exist within AD, and if not, invoke the API created earlier.

If we can avoid a need to iterate over all the individual types of references that we want to clean up to figure out what accounts we need to check, that would save a considerable amount of work. A fair approximation of the affected users can probably be gotten from one or two sources.
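A sketch of the periodic check proposed above, added here as an illustration; it is not part of the original post and not Openfire code. The `OrphanTracker` class, its thresholds and the two inputs (usernames still referenced in the database, usernames currently returned by AD) are assumptions, and the safeguards against an empty or partial directory result go beyond what the post describes.

```python
from dataclasses import dataclass, field


@dataclass
class OrphanTracker:
    """Hypothetical helper: decides which usernames are safe to clean up."""
    required_misses: int = 3    # consecutive checks a user must be absent from AD
    max_fraction: float = 0.2   # refuse to act if a larger share looks deleted
    misses: dict = field(default_factory=dict)

    def check(self, referenced, directory_users):
        """Compare usernames referenced in the database with the directory.

        Returns the sorted usernames that have been missing from the directory
        for `required_misses` consecutive successful checks. Raises
        RuntimeError, leaving the counters untouched, when the directory
        result looks like an outage or a truncated query rather than
        real deletions.
        """
        # Assumption: usernames compare case-insensitively on both sides.
        referenced = {u.lower() for u in referenced}
        directory = {u.lower() for u in directory_users}

        if not directory:
            raise RuntimeError("directory returned no users; refusing to reconcile")

        missing = referenced - directory
        if referenced and len(missing) / len(referenced) > self.max_fraction:
            raise RuntimeError(
                f"{len(missing)} of {len(referenced)} users missing; "
                "treating this as a directory problem, not as deletions"
            )

        # Rebuilding the dict resets the counter of any user that reappeared.
        self.misses = {u: self.misses.get(u, 0) + 1 for u in missing}
        return sorted(u for u, n in self.misses.items()
                      if n >= self.required_misses)


if __name__ == "__main__":
    # Constructed sample data: 'dave' was removed from AD, the rest still exist.
    referenced = ["alice", "bob", "carol", "Dave"]
    in_ad = ["alice", "bob", "carol"]
    tracker = OrphanTracker(required_misses=2, max_fraction=0.5)
    print(tracker.check(referenced, in_ad))   # first miss, nothing confirmed
    print(tracker.check(referenced, in_ad))   # second miss, 'dave' confirmed
```

The confirmed names would be what gets passed to the cleanup call; requiring several consecutive misses keeps one bad LDAP response from wiping rosters and offline messages for accounts that still exist.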

I see. Thank you for the quick response!