On 11/21/2011 01:15 PM, David Hoskinson wrote:

I would like to script inactivating an account. From my investigation it looks like the nsaccountlock is set to true, and nsrole is set to cn=nsdisabledrole,dc=xxx,dc=yyy and nsroledn=cn=nsmanageddisabledrole,dc=xxx,dc=yyy.

Can anybody confirm this for me that I haven’t left out anything vital?

It's quite a bit more complicated than that. You also have to set up the Class of Service to provide the nsAccountLock value to the entries of the disabled role.

I'm afraid we don't have the exact steps documented, so you'll have to take a look at the ns-inactivate.pl script and grok the perl code.

Alternately, you could just scrap the roles/cos etc. scheme and just set the nsAccountLock attribute in each entry you want to inactivate. The only problem with that is it won't be compatible with the way the scripts and the console work, so you won't be able to use the scripts and the console to (in)activate users.

Thanks

David Hoskinson | DATATRAK International
Systems Engineer
Mayfield Heights, Ohio, USA
+1.440.443.0082 x 124 (p) | +1.216.280.5457 (m)
david.hoskinson@datatrak.net | www.datatrak.net
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users