[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to disable or enable an ldap user account


RamakrishnaDeepak Battu wrote:
>   Can any one point me to how u can disable/enable an ldap user
> account.Thanks in advance.

I use an attribute from the "shadowAccount" Object-Class:

To disable a user I add

shadowexpire: 0

To enable the user I remove that attribute.

Unixoid Systems with "shadow"-mechanisms honor that attribute and deny
login with the message "Password expired". For other systems you have to
be creative with either ACLs (remove the "auth" right for Entries with
that attribute) or LDAP filters on the systems (if the System can't find
the User, it won't allow him to log in).

Christian Marg                    mail  : mailto:marg@rz.tu-clausthal.de
Rechenzentrum TU Clausthal        web   : http://www.tu-clausthal.de
D-38678 Clausthal-Zellerfeld      fon   : 05323/72-2626
Germany                           jabber: ifcma@jabber.tu-clausthal.de

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature