On 8/19/20 9:50 PM, [email protected] wrote:
> I am getting ready to migrate from NIS to LDAP in our HPC clusters.

BTW: Are you using netgroups?

> I need to know how to disable a user account, that is not to delete
> it, but to temporarily disable it.

Define an ACL which grants auth access to the userPassword attribute based on the value of a (custom) status attribute.

For example in Æ-DIR (based on OpenLDAP) I have an attribute aeStatus:

https://www.ae-dir.com/docs.html#schema-oc-aeObject

And this ACL:

https://gitlab.com/ae-dir/ansible-ae-dir-server/-/blob/master/templates/slapd/consumer.conf.j2#L170

Of course with ACLs you can also make inactive entries invisible for apps / systems consuming LDAP entries like this:

https://gitlab.com/ae-dir/ansible-ae-dir-server/-/blob/master/templates/slapd/consumer.conf.j2#L219

And yes, Æ-DIR is especially made for NSS/PAM for Linux logins and provides some more things you have to build.

Ciao, Michael.
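
The approach described in the reply above, sketched as slapd.conf ACLs; this is an added example, not part of the original message and not the Æ-DIR ACLs it links to. The suffix `dc=example,dc=com`, the `ou=people` subtree, and the status attribute `accountStatus` with value `active` are hypothetical and would have to match your own schema and DIT.

```conf
# Added example for slapd.conf (OpenLDAP); not the Æ-DIR configuration.
# Assumptions: accounts live under ou=people,dc=example,dc=com and carry a
# custom attribute "accountStatus" (hypothetical, must be defined in your
# schema) whose value "active" marks an enabled account.
# slapd checks "access to" statements in order and stops at the first one
# whose <what> part matches, so the order below matters.
# The rootdn is not subject to these ACLs.

# 1. Active accounts: anonymous clients may use userPassword for a simple
#    bind (auth), but nobody may read it.
access to dn.subtree="ou=people,dc=example,dc=com"
          filter="(accountStatus=active)"
          attrs=userPassword
    by anonymous auth
    by * none

# 2. Every other account in the subtree: no access to userPassword at all,
#    so a bind as a disabled user fails although the entry still exists.
access to dn.subtree="ou=people,dc=example,dc=com"
          attrs=userPassword
    by * none

# 3. Optional: hide non-active entries completely from LDAP clients
#    (NSS/PAM lookups no longer see the account).
access to dn.subtree="ou=people,dc=example,dc=com"
          filter="(!(accountStatus=active))"
    by * none

# 4. Remaining (active) entries: anonymous may bind, bound users may read.
access to dn.subtree="ou=people,dc=example,dc=com"
    by anonymous auth
    by users read
    by * none
```

With these rules, re-enabling an account only requires setting the status attribute back to the active value; the password hash is never touched.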
