[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Inactivate a entry without deleting the entry.

I mean don't let it bind anymore.
Thanks pierangelo that helps.

Pierangelo Masarati <ando@sys-net.it> wrote:

> Is there a way in open ldap we will be able to inactivate a user entry
> without deleting it?

If you mean don't let it bind anymore, simply remove its password.
If you mean don't let it be accessed, hide it behind ACLs
Otherwise, rename (i.e. change its DN) into a subtree that holds
inactivated entries, e.g.

dn: cn=Someone,ou=People,dc=your,dc=org


dn: cn=Someone,ou=Inactivated People,dc=your,dc=org


access to dn.children="ou=Inactivated People,dc=your,dc=org"
by dn.exact="cn=Admin,ou=People,dc=your,dc=org" write
by * none

Pierangelo Masarati

Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam