[Date Prev][Date Next]
Re: Enable/Disable user account in openLDAP
In many cases, I guess we could also just save a backup of the account
(e.g. in ldif form) and just delete it.
The downside is that, if there are entries referencing that account,
they would remain orphaned and we would have to make sure that such
entries - if there are any - are also handled appropriately. That's
In any case, what I like to do (in our not really big/complex DIT), when
any type of automation is needed (for tasks that are not rare), is to
write a simple PHP mini-app providing functionality (through a
web-server based GUI) to administrative people (and myself) and handling
all associated dependencies automatically. I like the freedom offered by
PHP and experience has proven it is a reliable solution. Fortunately,
admins work on different DIT areas (with appropriate ACLs) and so there
are no risks of overlapped transactions (which would otherwise be an
issue as LDAP does not support transactions - yet).
I am not an LDAP expert, that's just my 2c. My way is by no means meant
to be a suggested way of doing things. It just may help someone
investigate some DIT management approaches.