<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 11/21/2011 01:15 PM, David Hoskinson wrote:
<blockquote
cite="mid:E50C008199FFE44AAEDE5C0CF50FD26823C69631EE@DFW1MBX01.mex07a.mlsrvr.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">I would like to script inactivating an
account. From my investigation it looks like the
nsaccountlock is set to true, and nsrole is set to
cn=nsdisabledrole,dc=xxx,dc=yyy and
nsroledn=cn=nsmanageddisabledrole,dc=xxx,dc=yyy.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Can anybody confirm this for me that I
haven’t left out anything vital?</p>
</div>
</blockquote>
It's quite a bit more complicated than that. You also have to set
up the Class of Service to provide the nsAccountLock value to the
entries of the disabled role.<br>
<br>
I'm afraid we don't have the exact steps documented, so you'll have
to take a look at the ns-inactivate.pl script and grok the perl
code.<br>
<br>
Alternately, you could just scrap the roles/cos etc. scheme and just
set the nsAccountLock attribute in each entry you want to
inactivate. The only problem with that is it won't be compatible
with the way the scripts and the console work, so you won't be able
to use the scripts and the console to (in)activate users.<br>
<blockquote
cite="mid:E50C008199FFE44AAEDE5C0CF50FD26823C69631EE@DFW1MBX01.mex07a.mlsrvr.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style=""><span style="font-size: 10pt;
font-family: "Arial","sans-serif";
color: black;">David Hoskinson | </span><b><span
style="font-size: 10pt; font-family:
"Arial","sans-serif"; color: blue;">DATATRAK</span></b><span
style="font-size: 10pt; font-family:
"Arial","sans-serif"; color: blue;">
International</span><span style="font-size: 10pt;
font-family: "Arial","sans-serif";
color: black;"><br>
Systems Engineer<br>
Mayfield Heights, Ohio, USA <br>
+1.440.443.0082 x 124 (p</span><span style="font-size: 10pt;
font-family: "Arial","sans-serif";">) | +1.216<span
style="color: black;">.280.5457 (m)<br>
<a moz-do-not-send="true"
href="mailto:david.hoskinson@datatrak.net"
title="blocked::mailto:anna.lyatkher@datatrak.net"><span
style="color: blue;">david.hoskinson@datatrak.net</span></a> | <a
moz-do-not-send="true" href="http://www.datatrak.net/"
title="blocked::http://www.datatrak.net/
http://www.datatrak.net/"><span style="color: blue;">www.datatrak.net</span></a></span></span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>