[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: disabling user account

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: disabling user account
From: Liam Gretton <liam.gretton@leicester.ac.uk>
Date: Fri, 19 Apr 2013 20:56:04 +0100
In-reply-to: <51716EC5.5080902@symas.com>
Organization: IT Services, University Of Leicester
References: <63330A6F-AD9C-42A0-860E-D3DFC5C387EE@icare.com> <51716902.7060406@leicester.ac.uk> <51716EC5.5080902@symas.com>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5

On 19/04/2013 17:20, Howard Chu wrote:

Better to do this in a slapd ACL and enforce from the server side, than to
rely on correctness of multiple clients.

	access to attrs=userpassword filter=(globalLock=off)
		by anonymous auth

We don't use LDAP for passwords, and that wouldn't prevent SSH keylogins either.


Also we trust our client config just as much as our LDAP config.

--
Liam Gretton                                    liam.gretton@le.ac.uk
HPC Architect                                http://www.le.ac.uk/its/
IT Services                                   Tel: +44 (0)116 2522254
University Of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom

Follow-Ups:
- Re: disabling user account
  - From: Michael Ströder <michael@stroeder.com>

References:
- disabling user account
  - From: Jignesh Patel <jignesh@icare.com>
- Re: disabling user account
  - From: Liam Gretton <liam.gretton@leicester.ac.uk>
- Re: disabling user account
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: How to improve performance with MDB backend?
Next by Date: Re: How to improve performance with MDB backend?
Index(es):
- Chronological
- Thread