[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: disabling user account

To: openldap-technical@openldap.org
Subject: Re: disabling user account
From: Liam Gretton <liam.gretton@leicester.ac.uk>
Date: Fri, 19 Apr 2013 16:55:46 +0100
In-reply-to: <63330A6F-AD9C-42A0-860E-D3DFC5C387EE@icare.com>
Organization: IT Services, University Of Leicester
References: <63330A6F-AD9C-42A0-860E-D3DFC5C387EE@icare.com>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5

On 16/04/2013 19:49, Jignesh Patel wrote:

Does openldap has a provision like active directory to disable a user?

useraccountcontrol 544

At our site I created a new attribute 'globalLock' for every account andfilter on that at the service end. For example in /etc/ldap.conf for PAM:


pam_filter  (globalLock=off)

Enabled users get globalLock set to 'off'. Any other value will lock theuser out.


It's simple enough to use in Apache and other applications too.

--
Liam Gretton                                    liam.gretton@le.ac.uk
Systems Specialist                            http://www.le.ac.uk/its
IT Services                                   Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom

Follow-Ups:
- Re: disabling user account
  - From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>
- Re: disabling user account
  - From: Howard Chu <hyc@symas.com>
- Re: disabling user account
  - From: Michael Ströder <michael@stroeder.com>

References:
- disabling user account
  - From: Jignesh Patel <jignesh@icare.com>

Prev by Date: Re: How to improve performance with MDB backend?
Next by Date: Re: LDAP proxy
Index(es):
- Chronological
- Thread