[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to disable or enable an ldap user account

To: RamakrishnaDeepak Battu <ramakrishnadeepak@gmail.com>
Subject: Re: How to disable or enable an ldap user account
From: Christian Marg <marg@rz.tu-clausthal.de>
Date: Tue, 21 Oct 2008 16:01:38 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <9b120ece0810200445t97e6fedyf661e89157b62ba2@mail.gmail.com>
References: <9b120ece0810200445t97e6fedyf661e89157b62ba2@mail.gmail.com>
User-agent: Thunderbird 2.0.0.16 (Windows/20080708)

Hello,

RamakrishnaDeepak Battu wrote:
>   Can any one point me to how u can disable/enable an ldap user
> account.Thanks in advance.

I use an attribute from the "shadowAccount" Object-Class:

To disable a user I add

shadowexpire: 0

To enable the user I remove that attribute.

Unixoid Systems with "shadow"-mechanisms honor that attribute and deny
login with the message "Password expired". For other systems you have to
be creative with either ACLs (remove the "auth" right for Entries with
that attribute) or LDAP filters on the systems (if the System can't find
the User, it won't allow him to log in).

bye
Christian
-- 
Christian Marg                    mail  : mailto:marg@rz.tu-clausthal.de
Rechenzentrum TU Clausthal        web   : http://www.tu-clausthal.de
D-38678 Clausthal-Zellerfeld      fon   : 05323/72-2626
Germany                           jabber: ifcma@jabber.tu-clausthal.de

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- How to disable or enable an ldap user account
  - From: "RamakrishnaDeepak Battu" <ramakrishnadeepak@gmail.com>

Prev by Date: Re: How to disable or enable an ldap user account
Next by Date: Re: How to disable or enable an ldap user account
Index(es):
- Chronological
- Thread