On 8/19/20 9:50 PM, wbranson@mcw.edu wrote:
> I am getting ready to migrate from NIS to LDAP in our HPC clusters.
BTW: Are you using netgroups?
> I need to know how to disable a user account, that is not to delete it, but to temporarily disable it.
Define an ACL which grants auth access to userPassword attribute based on the value of a (custom) status attribute.
For example in Æ-DIR (based on OpenLDAP) I have an attribute aeStatus:
https://www.ae-dir.com/docs.html#schema-oc-aeObject
And this ACL:
https://gitlab.com/ae-dir/ansible-ae-dir-server/-/blob/master/templates/slap...
Of course with ACLs you can also make inactive entries invisible for apps / systems consuming LDAP entries like this:
https://gitlab.com/ae-dir/ansible-ae-dir-server/-/blob/master/templates/slap...
And yes, Æ-DIR is especially made for NSS/PAM for Linux logins and provides some more things you have to build.
Ciao, Michael.
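
The approach described in the reply above, sketched as an added slapd.conf fragment; it is not part of the original message and is not Æ-DIR's ACL set. The suffix dc=example,dc=org, the attribute acctStatus with the value "active", and the group cn=account-admins are hypothetical names chosen for the illustration.

```conf
# Added example. Assumptions (all hypothetical): suffix dc=example,dc=org,
# accounts under ou=people, a single-valued attribute acctStatus already
# defined in the schema, and an admin group cn=account-admins.
#
# slapd applies the first "access to" clause whose <what> part matches,
# so these clauses must be placed before any broader rules.
# The rootdn bypasses ACLs entirely.

# 1. Active accounts: simple bind needs auth (=x) access to userPassword.
access to dn.subtree="ou=people,dc=example,dc=org"
       filter="(acctStatus=active)"
       attrs=userPassword
    by group.exact="cn=account-admins,ou=groups,dc=example,dc=org" write
    by self =xw
    by anonymous auth
    by * none

# 2. Every other account (disabled, or acctStatus missing): nobody gets
#    auth access to userPassword, so simple bind fails while the entry
#    and the stored password hash stay untouched.
access to dn.subtree="ou=people,dc=example,dc=org"
       attrs=userPassword
    by group.exact="cn=account-admins,ou=groups,dc=example,dc=org" write
    by * none

# 3. Optional: hide non-active entries from NSS/PAM clients and other
#    consumers, so the account no longer resolves on the cluster nodes.
access to dn.subtree="ou=people,dc=example,dc=org"
       filter="(!(acctStatus=active))"
    by group.exact="cn=account-admins,ou=groups,dc=example,dc=org" write
    by * none

# The site's normal read rules for active entries follow here.
```

Clauses 1 and 2 only govern simple bind against userPassword; logins that never bind as the user, such as SSH public keys looked up through a service account, are stopped by clause 3 rather than by the password rule.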