On 21.11.2011 14:25, Jayavant Patil wrote:
Hi,
I am using openldap-2.4.19-4 on a Fedora 12 machine. Does anybody know how to enable/disable a user account in OpenLDAP? I know the ppolicy overlay but I don't require this password-based locking.
Thanks in advance.
Hi,
we lock UNIX/Samba/Kerberos accounts in our system by "invalidating" the userPassword (i.e. putting some random string before the '{HASH}' part), setting the loginShell to '/bin/false' and putting the 'D' flag in sambaAcctFlags.
Scrambling userPassword will prevent logins based on simple bind, changing the loginShell prevents PublicKey logins and 'D' in sambaAcctFlags disables logins with Samba and Heimdal Kerberos.
Regards, Christian Manal
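
The three changes described in the reply above, written out as an LDIF modify record. This is an added example, not part of Christian Manal's message: the function names, the DN and the sample entry are constructed, and the 11-character padding inside sambaAcctFlags is assumed from Samba's usual format.

```python
import secrets

SAMBA_FLAGS_WIDTH = 11  # assumption: flags between '[' and ']' are space-padded to 11 chars

def lock_password(user_password, prefix=None):
    """Put a random string before the '{HASH}' part so a simple bind can no longer match."""
    if not user_password.startswith("{"):
        return user_password  # already prefixed (or not a '{SCHEME}' value): leave unchanged
    return (prefix or secrets.token_hex(8)) + user_password

def unlock_password(user_password):
    """Drop everything before the first '{'; assumes the prefix itself contains no '{'."""
    idx = user_password.find("{")
    return user_password[idx:] if idx > 0 else user_password

def set_samba_disabled(acct_flags, disabled):
    """Add or remove the 'D' flag in a value such as '[U          ]', keeping the padding."""
    flags = acct_flags.strip("[]").replace(" ", "").replace("D", "")
    if disabled:
        flags += "D"
    return "[" + flags.ljust(SAMBA_FLAGS_WIDTH) + "]"

def lock_ldif(dn, entry, prefix=None):
    """Build one LDIF 'modify' record that applies all three changes to the entry."""
    changes = [
        ("userPassword", lock_password(entry["userPassword"], prefix)),
        ("loginShell", "/bin/false"),
        ("sambaAcctFlags", set_samba_disabled(entry["sambaAcctFlags"], True)),
    ]
    lines = [f"dn: {dn}", "changetype: modify"]
    for i, (attr, value) in enumerate(changes):
        if i:
            lines.append("-")  # separator between modifications in one record
        lines += [f"replace: {attr}", f"{attr}: {value}"]
    return "\n".join(lines) + "\n"

# Constructed sample entry; the hash is a placeholder, not a real SSHA value.
SAMPLE_DN = "uid=jdoe,ou=people,dc=example,dc=org"
SAMPLE_ENTRY = {
    "userPassword": "{SSHA}CONSTRUCTEDsampleHASHvalue==",
    "loginShell": "/bin/bash",
    "sambaAcctFlags": "[U" + " " * 10 + "]",
}

if __name__ == "__main__":
    print(lock_ldif(SAMPLE_DN, SAMPLE_ENTRY), end="")
```

The record can be applied with ldapmodify. Re-enabling the account also needs the previous loginShell value, which the caller has to record before locking.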