
Re: Enable/Disable user account in openLDAP



On 21.11.2011 14:25, Jayavant Patil wrote:
> Hi,
> 
>    I am using openldap-2.4.19-4 on a Fedora 12 machine. Does anybody know how
> to enable/disable a user account in openLDAP?  I know ppolicy overlay but I
> don't require this password based locking.
> 
>    Thanks in advance.
> 

Hi,

we lock UNIX/Samba/Kerberos accounts in our system by "invalidating" the
userPassword (i.e. putting some random string before the '{HASH}' part),
setting the loginShell to '/bin/false' and putting the 'D' flag in
sambaAcctFlags.

Scrambling userPassword will prevent logins based on simple bind,
changing the loginShell prevents PublicKey logins and 'D' in
sambaAcctFlags disables logins with Samba and Heimdal Kerberos.


Regards,
Christian Manal
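
The three changes described in the reply above, as an added example that is not part of the original post: a small Python helper that builds one LDIF modify record for ldapmodify. The DN, the hash value, the "LOCKED-" marker format and the 11-character padding of sambaAcctFlags are assumptions made for illustration.

```python
import base64
import secrets

def add_disabled_flag(acct_flags):
    """Set 'D' in sambaAcctFlags, keeping the bracketed, space-padded layout."""
    flags = acct_flags.strip("[]").replace(" ", "")
    if "D" not in flags:
        flags += "D"
    return "[" + flags.ljust(11) + "]"  # assumed layout: 11 characters inside []

def scramble_password(user_password, prefix=None):
    """Put a random string before the '{HASH}' part of userPassword."""
    if not user_password.startswith("{"):
        raise ValueError("no leading '{SCHEME}': already locked or not hashed")
    if prefix is None:
        prefix = "LOCKED-" + secrets.token_hex(8) + "-"  # assumed marker format
    return prefix + user_password

def lock_ldif(dn, user_password, acct_flags, prefix=None):
    """Build one LDIF modify record applying all three changes together."""
    locked = scramble_password(user_password, prefix).encode()
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        "replace: userPassword",
        # base64 form (double colon) avoids LDIF quoting problems
        "userPassword:: " + base64.b64encode(locked).decode(),
        "-",
        "replace: loginShell",
        "loginShell: /bin/false",
        "-",
        "replace: sambaAcctFlags",
        "sambaAcctFlags: " + add_disabled_flag(acct_flags),
        "",
    ])

if __name__ == "__main__":
    # Constructed sample entry; the DN and hash are placeholders.
    print(lock_ldif("uid=jdoe,ou=People,dc=example,dc=org",
                    "{SSHA}CONSTRUCTEDPLACEHOLDERHASH", "[U          ]"))
```

Keeping the original '{HASH}' value behind the prefix means the account can be re-enabled later by stripping the prefix, restoring the shell and removing the 'D' flag.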