On 11/21/2011 01:15 PM, David Hoskinson wrote:
I would like to script inactivating an account. From my investigation
it looks like the nsaccountlock is set to true, and nsrole is set to
cn=nsdisabledrole,dc=xxx,dc=yyy and
nsroledn=cn=nsmanageddisabledrole,dc=xxx,dc=yyy.
Can anybody confirm this for me that I haven't left out anything vital?
It's quite a bit more complicated than that. You also have to set up
the Class of Service to provide the nsAccountLock value to the entries
of the disabled role.
I'm afraid we don't have the exact steps documented, so you'll have to
take a look at the ns-inactivate.pl script and grok the perl code.
Alternately, you could just scrap the roles/cos etc. scheme and just set
the nsAccountLock attribute in each entry you want to inactivate. The
only problem with that is it won't be compatible with the way the
scripts and the console work, so you won't be able to use the scripts
and the console to (in)activate users.
Thanks
David Hoskinson | *DATATRAK*International
Systems Engineer
Mayfield Heights, Ohio, USA
+1.440.443.0082 x 124 (p) | +1.216.280.5457 (m)
david.hoskinson(a)datatrak.net <mailto:david.hoskinson@datatrak.net> |
www.datatrak.net <
http://www.datatrak.net/>
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users