[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: disabling user account



On 19/04/2013 17:20, Howard Chu wrote:

Better to do this in a slapd ACL and enforce from the server side, than to
rely on correctness of multiple clients.

	access to attrs=userpassword filter=(globalLock=off)
		by anonymous auth

We don't use LDAP for passwords, and that wouldn't prevent SSH key logins either.

Also we trust our client config just as much as our LDAP config.

--
Liam Gretton                                    liam.gretton@le.ac.uk
HPC Architect                                http://www.le.ac.uk/its/
IT Services                                   Tel: +44 (0)116 2522254
University Of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom