[Date Prev][Date Next]
Re: Enable/Disable user account in openLDAP
Nick Milas wrote:
> In many cases, I guess we could also just save a backup of the account (e.g.
> in ldif form) and just delete it.
I usually strongly discourage such a practice.
In deployments I setup entries are just disabled also to make the uid
persistent. And then have a unique constraint on uid.
> The downside is that, if there are entries referencing that account, they
> would remain orphaned and we would have to make sure that such entries - if
> there are any - are also handled appropriately. That's DIT-dependent.
Yes. Note that references are not only within the DIT. There are also many
references to the user-IDs in different systems.