[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Inactivate a entry without deleting the entry.

To: openldap-software@OpenLDAP.org
Subject: Re: Inactivate a entry without deleting the entry.
From: Neo - <kpaxian25@yahoo.com>
Date: Fri, 19 Mar 2004 14:40:40 -0800 (PST)
In-reply-to: <64118.81.72.89.40.1079735279.squirrel@webmail.sys-net.it>

I mean don't let it bind anymore.

Thanks pierangelo that helps.

Pierangelo Masarati <ando@sys-net.it> wrote:

> Is there a way in open ldap we will be able to inactivate a user entry
> without deleting it?

If you mean don't let it bind anymore, simply remove its password.
If you mean don't let it be accessed, hide it behind ACLs
Otherwise, rename (i.e. change its DN) into a subtree that holds
inactivated entries, e.g.

dn: cn=Someone,ou=People,dc=your,dc=org

=>

dn: cn=Someone,ou=Inactivated People,dc=your,dc=org

with

access to dn.children="ou=Inactivated People,dc=your,dc=org"
by dn.exact="cn=Admin,ou=People,dc=your,dc=org" write
by * none

p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam

References:
- Re: Inactivate a entry without deleting the entry.
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: Re: LDAP Utilities and LDAP URI
Next by Date: RE: openldap 2.2 on Windows
Index(es):
- Chronological
- Thread