28 Nov
2013
28 Nov
'13
3:58 a.m.
On 28/11/2013 08:56, Turbo Fredriksson wrote:
On Nov 28, 2013, at 9:30 AM, Liam Gretton wrote:
Now I use a custom 'lock' attribute on all accounts and use a LDAP filter at the client end. This is fine for our purposes but could be a problem for appliances that don't provide much in the way of LDAP configuration options.
I've used something similar to limit access on host level, but if I remember correctly, such a filter would hide the account from the system, not only lock it... ?
No, this is PAM configuration, not NSS.
You can use 'pam_filter' in the PAM LDAP module to filter on an attribute's value. For NSS there's a similar 'filter' option but as long as that's not changed the user won't disappear.
--
Liam Gretton liam.gretton@le.ac.uk
Systems Specialist http://www.le.ac.uk/its
IT Services Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom