On 12/04/16 18:32, Michael Ströder wrote:
> Tim Watts wrote:
>> "Delete" - they vanish from libnss and other places, but we still hold their
>> LDAP record for easy resurrection (this happens a lot - we have a class of
>> nomadic users - they work on a project, go away, then come back on another
>> project 2 years later).
>
> That state I'd call "inactive" or similar. But that's cosmetic.
>
> In my systems there's always exactly one status "active" for which I allow
> "auth" on "userPassword".
>
> E.g. in Æ-DIR the attribute 'aeStatus' can have these integer values:
> -1: requested
> 0: active
> 1: deactivated
> 2: archived
>
> I suspect you're overloading the semantics of 'employeeType' by putting two
> meanings into one attribute.
>
> Ciao, Michael.
Yes - I think I am. It was partly convenience (I'm using the LAM web
front end to manage, with ldapvi where LAM cannot cope (odd problems
with empty mail attributes)). But also I did not think of your idea -
it's pretty cool.
I'd have to admit to being more of an LDAP n00b (we populated
/etc/passwd directly from postgresql in my last place).
--
Tim Watts Tel (VOIP): +44 (0)1580 848360
Systems Manager Kings Digital Lab (KDL), King's College London
Systems Messages and Notifications: https://systemsblog.cch.kcl.ac.uk/