Re: Enable/Disable user account in openLDAP

In many cases, I guess we could also just save a backup of the account (e.g. in ldif form) and just delete it.

The downside is that, if there are entries referencing that account, they would remain orphaned and we would have to make sure that such entries - if there are any - are also handled appropriately. That's DIT-dependent.

In any case, what I like to do (in our not really big/complex DIT), when any type of automation is needed (for tasks that are not rare), is to write a simple PHP mini-app providing functionality (through a web-server based GUI) to administrative people (and myself) and handling all associated dependencies automatically. I like the freedom offered by PHP and experience has proven it is a reliable solution. Fortunately, admins work on different DIT areas (with appropriate ACLs) and so there are no risks of overlapped transactions (which would otherwise be an issue as LDAP does not support transactions - yet).

I am not an LDAP expert, that's just my 2c. My way is by no means meant to be a suggested way of doing things. It just may help someone investigate some DIT management approaches.
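The backup-then-delete approach and the orphaned-reference problem described in this message, as an added example that is not part of the original post (and in Python rather than the PHP the poster uses). It saves the account's LDIF and builds the modifications that remove references to it; the `DN_ATTRS` list, the loose DN comparison and the `example.org` entries are assumptions for illustration.

```python
import base64

# Attributes that hold DNs in common schemas (assumed list; extend for your DIT).
DN_ATTRS = {"member", "uniquemember", "manager", "owner", "seealso", "roleoccupant"}

# Constructed sample export (trimmed), in the form `ldapsearch -LLL` prints.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
cn: John Doe
sn: Doe

dn: cn=staff,ou=groups,dc=example,dc=org
member: uid=jdoe,ou=people,dc=example,dc=org
member: uid=asmith,ou=people,dc=example,dc=org

dn: uid=asmith,ou=people,dc=example,dc=org
manager: UID=jdoe, ou=People,dc=example,dc=org
"""

def norm_dn(dn):
    """Loose DN comparison: lowercase, no spaces around commas (not full RFC 4514)."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def split_attr(line):
    """Split an unfolded LDIF line into (attr, value); 'attr::' marks base64."""
    attr, _, val = line.partition(":")
    if val.startswith(":"):
        val = base64.b64decode(val[1:]).decode("utf-8", "replace")
    return attr, val.strip()

def parse_ldif(text):
    """Yield (dn, raw unfolded lines) for each LDIF content record."""
    for block in text.replace("\n ", "").strip().split("\n\n"):
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        if lines and lines[0].lower().startswith("dn:"):
            yield split_attr(lines[0])[1], lines

def plan_removal(ldif_text, account_dn):
    """Return (backup_ldif, cleanup_ldif) so deleting account_dn leaves no orphans."""
    target, backup, changes = norm_dn(account_dn), "", []
    for dn, lines in parse_ldif(ldif_text):
        if norm_dn(dn) == target:
            backup = "\n".join(lines) + "\n"  # keep the entry exactly as exported
            continue
        for line in lines[1:]:
            attr, val = split_attr(line)
            if attr.lower() in DN_ATTRS and norm_dn(val) == target:
                changes.append("%s\nchangetype: modify\ndelete: %s\n%s\n-\n" % (lines[0], attr, line))
    return backup, "\n".join(changes)
```

The second return value is meant to be reviewed and applied with `ldapmodify` before the account entry is deleted. A `groupOfNames` whose only `member` is the account cannot simply lose that value, because the object class requires at least one member.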