[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Enable/Disable user account in openLDAP

Nick Milas wrote:
> In many cases, I guess we could also just save a backup of the account (e.g.
> in ldif form) and just delete it.

I usually strongly discourage such a practice.

In deployments I setup entries are just disabled also to make the uid
persistent. And then have a unique constraint on uid.

> The downside is that, if there are entries referencing that account, they
> would remain orphaned and we would have to make sure that such entries - if
> there are any - are also handled appropriately. That's DIT-dependent.

Yes. Note that references are not only within the DIT. There are also many
references to the user-IDs in different systems.

Ciao, Michael.