[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Inactivate a entry without deleting the entry.

> Is there a way in open ldap  we will be able to inactivate a user entry
> without deleting it?

If you mean don't let it bind anymore, simply remove its password.
If you mean don't let it be accessed, hide it behind ACLs
Otherwise, rename (i.e. change its DN) into a subtree that holds
inactivated entries, e.g.

dn: cn=Someone,ou=People,dc=your,dc=org


dn: cn=Someone,ou=Inactivated People,dc=your,dc=org


access to dn.children="ou=Inactivated People,dc=your,dc=org"
    by dn.exact="cn=Admin,ou=People,dc=your,dc=org" write
    by * none

Pierangelo Masarati