[Date Prev][Date Next] [Chronological] [Thread] [Top]

Question on best way to partially disable users


I have an openldap server that several applications use for authenication. What we need to do is when a person is disabled, we need to disable access for that user for all applications but one (employeeonline). My first thought was simply to move the disabled person to a different OU (e.g. ou=eoonly,dc=... instead of ou=people,dc=...). The problem I am running into is that employeeonline is windows/vbscript that uses SASL to bind which means that I cannot just move the user to a different OU as they are always coming in as sasl-realm OL.NSD.ORG. Does any one have a good trick for how to do this? So far all I have come up with is:

1. Bind as a admin user and then check the user's password instead of binding as the user.

2. Figure out someway for vbscript to bind as a different SASL realms.

Thanks in advance for your advice.



"When we try to pick out anything by itself, we find it
 connected to the entire universe"            John Muir

Chris "Ski" Kacoroski, Unix Admin, NSD
206-501-9803, ski98033 on IRC and most IM services