Re: disabling user account

[Chris Jacobs <Chris.Jacobs@apollogrp.edu>]

And at our site we use a disabled OU now.

We used to simply 'scramble' their passwords (only works if you don't have a forgot password functionality setup somewhere, which we don't.)

Many different ways to get the job done.

- chris


----- Original Message -----
From: openldap-technical-bounces@OpenLDAP.org <openldap-technical-bounces@OpenLDAP.org>
To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Sent: Fri Apr 19 08:55:46 2013
Subject: Re: disabling user account

On 16/04/2013 19:49, Jignesh Patel wrote:
> Does openldap has a provision like active directory to disable a user?
>
> useraccountcontrol 544

At our site I created a new attribute 'globalLock' for every account and
filter on that at the service end. For example in /etc/ldap.conf for PAM:

pam_filter  (globalLock=off)

Enabled users get globalLock set to 'off'. Any other value will lock the
user out.

It's simple enough to use in Apache and other applications too.

--
Liam Gretton                                    liam.gretton@le.ac.uk
Systems Specialist                            http://www.le.ac.uk/its
IT Services                                   Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom



This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.