2010/11/22 Gary.jsz gary.jsz@gmail.com:
Hi, all,
I'm a new OpenLDAP user. But now I have a problem with LDAP user management.
I want to stop a specific user in the LDAP system, but I don't want to delete this user and change the user's password.
How do I lock this user? Something like the Linux system "passwd -l xxx" to lock system users.
Help me, please!
LDAP is just a storage system with a simple, fast protocol; it really doesn't perform any actions per se except for the storage and retrieval of information organized in a directory tree.
Therefore, blocking a user is not the task of LDAP directly, but of your authentication system, which is somehow integrated with LDAP. In the case of *nix it's probably PAM that is authenticating the users, and it is PAM that, based on certain criteria, will decide to allow access or not. These criteria on a stand-alone *nix system come from the auth files such as passwd, shadow or others, but when PAM is integrated with LDAP, it then looks for the criteria in the directory instead of the local files.
So, in effect, you will block the user if you modify the data in LDAP, but it is PAM that is actually doing the blocking, based on a piece of information that you modified. The specifics of your problem depend on how your authentication system works, and what attributes it uses to determine the authentication, blocking, password change policies, hours of entry, etc.
Best,
-- Alejandro Imass
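
An added example, not part of the thread: a shell helper that emits the LDIF to lock or unlock one account by changing a single attribute, leaving the entry and its password untouched. It assumes one of two setups the thread does not name: slapd with the ppolicy overlay loaded (`pwdAccountLockedTime`), or PAM/NSS evaluating the `shadowAccount` attribute `shadowExpire`. The function name and the DNs in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: generate LDIF that locks or unlocks an LDAP account
# without deleting the entry or touching userPassword.
#
# Assumptions (not stated in the thread):
#   ppolicy mode: the slapo-ppolicy overlay is active; the value
#                 000001010000Z in pwdAccountLockedTime marks the account
#                 as locked until an administrator removes it.
#   shadow mode:  the entry has objectClass shadowAccount and the PAM/NSS
#                 LDAP module checks shadowExpire (days since 1970-01-01);
#                 1 is a date long in the past, so the account is expired.
#
# usage: account_lock_ldif ppolicy|shadow lock|unlock DN
account_lock_ldif() {
    mode=${1:-} action=${2:-} dn=${3:-}

    case "$mode" in
        ppolicy) attr=pwdAccountLockedTime value=000001010000Z ;;
        shadow)  attr=shadowExpire         value=1 ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    case "$action" in
        lock|unlock) ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
    # Plain ASCII DNs only; other DNs need base64 "dn::" encoding in LDIF.
    [ -n "$dn" ] || { echo "missing DN" >&2; return 2; }

    printf 'dn: %s\nchangetype: modify\nreplace: %s\n' "$dn" "$attr"
    # "replace" with no value removes the attribute and does not fail
    # when it is already absent, so unlock is safe to repeat.
    [ "$action" = lock ] && printf '%s: %s\n' "$attr" "$value"
    printf -- '-\n'
}

# Constructed usage (placeholder DNs, run against your own directory):
#   account_lock_ldif ppolicy lock "uid=jdoe,ou=People,dc=example,dc=com" |
#       ldapmodify -x -D "cn=admin,dc=example,dc=com" -W
```

With ppolicy the lock is enforced by slapd at bind time; with `shadowExpire` it only takes effect where the client's PAM account stack actually evaluates that attribute, so verify with a test login after applying the change.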