Chapter 14. Uninstalling an IdM client
As an administrator, you can remove an Identity Management (IdM) client from the environment.
14.1. Uninstalling an IdM client
Uninstalling a client removes the client from the Identity Management (IdM) domain, along with all of the specific IdM configuration of system services, such as System Security Services Daemon (SSSD). This restores the previous configuration of the client system.
[root@client ~]# ipa-client-install --uninstall
Remove the DNS entries for the client host manually from the server:
[root@server ~]# ipa dnsrecord-del Record name: old-client-name Zone name: idm.example.com No option to delete specific record provided. Delete all? Yes/No (default No): yes ------------------------ Deleted record "old-client-name"
For each identified keytab other than
/etc/krb5.keytab, remove the old principals:
[root@client ~]# ipa-rmkeytab -k /path/to/keytab -r EXAMPLE.COM
On an IdM server, remove the client host entry from the IdM LDAP server. This removes all services and revokes all certificates issued for that host:
[root@server ~]# ipa host-del client.idm.example.comImportant
Removing the client host entry from the IdM LDAP server is crucial if you think you might re-enroll the client in the future, with a different IP address or a different hostname.