And at our site we use a disabled OU now.
We used to simply 'scramble' their passwords (only works if you don't have a forgot password functionality setup somewhere, which we don't.)
Many different ways to get the job done.
- chris
----- Original Message ----- From: openldap-technical-bounces@OpenLDAP.org openldap-technical-bounces@OpenLDAP.org To: openldap-technical@openldap.org openldap-technical@openldap.org Sent: Fri Apr 19 08:55:46 2013 Subject: Re: disabling user account
On 16/04/2013 19:49, Jignesh Patel wrote:
Does openldap has a provision like active directory to disable a user?
useraccountcontrol 544
At our site I created a new attribute 'globalLock' for every account and filter on that at the service end. For example in /etc/ldap.conf for PAM:
pam_filter (globalLock=off)
Enabled users get globalLock set to 'off'. Any other value will lock the user out.
It's simple enough to use in Apache and other applications too.
-- Liam Gretton liam.gretton@le.ac.uk Systems Specialist http://www.le.ac.uk/its IT Services Tel: +44 (0)116 2522254 University of Leicester, University Road Leicestershire LE1 7RH, United Kingdom
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.