Liam Gretton wrote:
On 16/04/2013 19:49, Jignesh Patel wrote:
Does OpenLDAP have a provision like Active Directory to disable a user?
useraccountcontrol 544
At our site I created a new attribute 'globalLock' for every account and filter on that at the service end. For example in /etc/ldap.conf for PAM:
pam_filter (globalLock=off)
Enabled users get globalLock set to 'off'. Any other value will lock the user out.
It's simple enough to use in Apache and other applications too.
Better to do this in a slapd ACL and enforce from the server side, than to rely on correctness of multiple clients.
access to attrs=userpassword filter=(globalLock=off) by anonymous auth
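
Added example (not part of the original thread, and not the posters' configuration): the one-line ACL above placed in a fuller slapd.conf rule set, showing why rule order and an explicit deny matter. globalLock is the site-local attribute described in the thread; the surrounding rules and the catch-all are assumptions.

```conf
# slapd.conf fragment (constructed example). slapd applies the first
# "access to" clause whose <what> part matches the entry and attribute.

# 1. The lock flag itself is read-only. Without this rule, a later
#    "by self write" clause would let a user set globalLock back to "off".
#    Only the rootdn, which bypasses ACLs, can change it here.
#    "by * read" is an assumption so existing pam_filter clients still work.
access to attrs=globalLock
    by * read

# 2. Rule from the thread, expanded: only entries with globalLock=off
#    expose userPassword for bind (auth) and self-service password change.
access to attrs=userPassword filter=(globalLock=off)
    by self write
    by anonymous auth
    by * none

# 3. Entries that did not match rule 2 (globalLock has any other value, or
#    is absent) land here: nobody may authenticate against the password.
#    If this rule is omitted, those entries fall through to rule 4, where
#    "read" includes "auth", so locked accounts could still bind and the
#    password hash would be readable.
access to attrs=userPassword
    by * none

# 4. Assumed catch-all for the rest of the directory.
access to *
    by * read
```

To check the result, bind as a locked account with ldapwhoami -x -D <user DN> -W; the bind should fail with "Invalid credentials (49)" regardless of which client or pam_filter setting is in use.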