> Is there a way in open ldap we will be able to inactivate a user entry
> without deleting it?
If you mean don't let it bind anymore, simply remove its password.
If you mean don't let it be accessed, hide it behind ACLs
Otherwise, rename (i.e. change its DN) into a subtree that holds
inactivated entries, e.g.
dn: cn=Someone,ou=People,dc=your,dc=org
=>
dn: cn=Someone,ou=Inactivated People,dc=your,dc=org
with
access to dn.children="ou=Inactivated People,dc=your,dc=org"
by dn.exact="cn=Admin,ou=People,dc=your,dc=org" write
by * none
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam