Liam Gretton wrote:
On 16/04/2013 19:49, Jignesh Patel wrote:
Does openldap has a provision like active directory to disable a user?
useraccountcontrol 544
At our site I created a new attribute 'globalLock' for every account and
filter on that at the service end. For example in /etc/ldap.conf for PAM:
pam_filter (globalLock=off)
Enabled users get globalLock set to 'off'. Any other value will lock the
user out.
It's simple enough to use in Apache and other applications too.
Better to do this in a slapd ACL and enforce from the server side, than to
rely on correctness of multiple clients.
access to attrs=userpassword filter=(globalLock=off)
by anonymous auth
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
