On 28/11/2013 08:56, Turbo Fredriksson wrote:
On Nov 28, 2013, at 9:30 AM, Liam Gretton wrote:
> Now I use a custom 'lock' attribute on all accounts and use a LDAP filter at
the client end. This is fine for our purposes but could be a problem for appliances that
don't provide much in the way of LDAP configuration options.
I've used something similar to limit access on host level, but if
I remember correctly, such a filter would hide the account from
the system, not only lock it... ?
No, this is PAM configuration, not NSS.
You can use 'pam_filter' in the PAM LDAP module to filter on an
attribute's value. For NSS there's a similar 'filter' option but as long
as that's not changed the user won't disappear.
Liam Gretton liam.gretton(a)le.ac.uk
Systems Specialist http://www.le.ac.uk/its
IT Services Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom