Unix doesn't really work that way, but maybe you make your special LDAP user password script check if the user is in LDAP: if they are, do LDAP password; if they are not, wrap around Unix password.

Easier lazy solution is to have a passwd-ldap and a passwd-unix command, then replace passwd with a little script that tells the user to invoke the appropriate command.

-danny

On Thu, Oct 20, 2016 at 9:15 AM, Bernard Fay <bernard.fay@gmail.com> wrote:
Hi,

I would like to be able to disable some Linux commands for LDAP users. One of those commands is passwd. Because of some specific needs, when the LDAP users have to change their password, a special script has been created for this purpose. They MUST not use passwd, but this command is still required by local users.

Might one of you have an idea to disable Linux commands for LDAP users only?

Thanks,
Bernard




--
http://dannyman.toldme.com
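
The wrapper idea from the reply above, sketched as an added example that is not part of the original thread: a script installed in place of passwd that sends local accounts to passwd-unix and everyone else to passwd-ldap. The install paths, the LOCAL_DB variable and the function names are assumptions; it also assumes any account missing from /etc/passwd is an LDAP account and that local entries take precedence, as with a "files ldap" lookup order.

```shell
#!/bin/sh
# Added example: dispatcher installed under the name "passwd".
# Hypothetical paths, adjust to the site.
PASSWD_UNIX="${PASSWD_UNIX:-/usr/local/bin/passwd-unix}"  # relocated stock passwd
PASSWD_LDAP="${PASSWD_LDAP:-/usr/local/bin/passwd-ldap}"  # site's LDAP password script
LOCAL_DB="${LOCAL_DB:-/etc/passwd}"                       # local account file

# is_local USER: succeed if USER has an entry in the local account file.
# awk compares the first field as a literal string, so a name containing
# regex characters or a prefix of another name cannot match by accident.
is_local() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$LOCAL_DB"
}

# pick_command USER: print the password command this user should run.
pick_command() {
    if is_local "$1"; then
        printf '%s\n' "$PASSWD_UNIX"
    else
        # Assumption: not in the local file means the account comes from LDAP.
        printf '%s\n' "$PASSWD_LDAP"
    fi
}

main() {
    # Resolve the name from the real UID; $USER and $LOGNAME are set by the caller.
    user=$(id -run) || exit 1
    exec "$(pick_command "$user")" "$@"
}

# Dispatch only when invoked as "passwd"; sourcing the file just defines the functions.
case "${0##*/}" in
    passwd) main "$@" ;;
esac
```

The wrapper steers users to the right command; it is not an access control, since the relocated passwd binary must stay executable for local users.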