[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Blocking users

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: Blocking users
From: "Marcelo Moulin" <reckor@gmail.com>
Date: Mon, 14 Aug 2006 16:40:54 +0100
Cc: OpenLDAP <openldap-software@OpenLDAP.org>
Content-disposition: inline
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=gjuTkpndq1TlXsDASEW9dA/ptW5EQtqZKUuTDxTu8MqIyFpopFhl4LJE6yM1g2YDsMQlEMEFLey2DPrvZMwD2JrEm4iOr9X8TCzqNPjUYozr02Evi+uLRDox8n+KsYlfRMlfcfPq5H7EWRJ2bdZHRqou8Z6JygiJt58sJN9tTc8=
In-reply-to: <7.0.1.0.0.20060814080905.03ab42c0@OpenLDAP.org>
References: <4d23656f0608140008hc37a7cdxfe2a288ca8294500@mail.gmail.com> <7.0.1.0.0.20060814080905.03ab42c0@OpenLDAP.org>

Thank you Kurt.
I will try it.

Regards,
Marcelo

On 8/14/06, Kurt D. Zeilenga <Kurt@openldap.org> wrote:

At 12:08 AM 8/14/2006, Marcelo Moulin wrote:
> I am using openldap.  How do I configure slapd(8) so that a
> user whose entry contains a 'statusFlag' attribute with
> value 1 (defined in one new schema) will be blocked from
>authenticating to the directory?

Well, you can block the user from authenticating.  For
using LDAP simple bind, just restrict the 'auth' access to
userPassword.  For instance, using something like:
        access to attr=userPassword filter=(statusFlag=1)
                by self write
        access to attr=userPassword
                by self write
                by anonymous auth
see slap.access(1).

Kurt

References:
- Blocking users
  - From: "Marcelo Moulin" <reckor@gmail.com>
- Re: Blocking users
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Blocking users
Next by Date: configure options to use ppolicy
Index(es):
- Chronological
- Thread