What is the recommended way of disabling user accounts with LDAP? Right now I tend towards using an existing attribute (shadowInactive) and checking with the filter option of libpam-ldap whether that flag is clear:

filter (&(objectClass=posixAccount)(!shadowInactive=inactive))

Is this the right way to do it?