Hello<br><br><br><div class="gmail_quote">On Tue, Jul 17, 2012 at 10:10 PM, <span dir="ltr"><<a href="mailto:harry.devine@faa.gov" target="_blank">harry.devine@faa.gov</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br><font face="sans-serif">We have several users who no longer
need access, but may in the future, so we have set them to be Inactive
in their profile. However, we noticed that these accounts have re-activated
themselves and those users could log back in if they wanted to. How
do we make accounts that we specifically make inactive by pressing the
Inactivate button stay that way?</font>
<br>
<br><font face="sans-serif">We are using the following 389 versions
on CentOS 5.7 64-bit:</font>
<br>
<br><font face="sans-serif">389-ds-base-1.2.9.9-1.el5</font>
<br><font face="sans-serif">389-admin-1.1.29-1.el5</font>
<br><font face="sans-serif">389-ds-console-1.2.6-1.el5</font>
<br><font face="sans-serif">389-adminutil-1.1.15-1.el5</font>
<br><font face="sans-serif">389-admin-console-1.1.8-1.el5</font>
<br><font face="sans-serif">389-ds-console-doc-1.2.6-1.el5</font>
<br><font face="sans-serif">389-ds-base-libs-1.2.9.9-1.el5</font>
<br><font face="sans-serif">389-dsgw-1.1.9-1.el5</font>
<br><font face="sans-serif">389-console-1.1.7-3.el5</font>
<br><font face="sans-serif">389-admin-console-doc-1.1.8-1.el5</font>
<br><font face="sans-serif">389-ds-1.2.1-1.el5</font>
<br>
<br><font face="sans-serif">Thanks for any help!</font>
<br><font face="sans-serif">Harry</font><br><br></blockquote><div><br>Add below attribute with same value in user's ldap entry.<br><span id="DWT2068" class="ZmSearchResult"><br>nsAccountLock</span>: true<br><br># cat entry.ldif<br>
dn: uid=tuser, ou=people,dc=example,dc=com<br>changetype: modify<br>add: nsaccountlock<br>nsaccountlock: true<br><br># ldapmodify -x -a -D "cn=Directory manager" -w password -f entry.ldif<br><br><br>Regards<br>Arpit Tolani <br>
</div></div><br><br>