[389-users] Setting account to inactive
Rich Megginson
rmeggins at redhat.com
Mon Nov 21 20:23:04 UTC 2011
On 11/21/2011 01:15 PM, David Hoskinson wrote:
>
> I would like to script inactivating an account. From my investigation
> it looks like the nsaccountlock is set to true, and nsrole is set to
> cn=nsdisabledrole,dc=xxx,dc=yyy and
> nsroledn=cn=nsmanageddisabledrole,dc=xxx,dc=yyy.
>
> Can anybody confirm this for me that I haven't left out anything vital?
>
It's quite a bit more complicated than that. You also have to set up
the Class of Service to provide the nsAccountLock value to the entries
of the disabled role.
I'm afraid we don't have the exact steps documented, so you'll have to
take a look at the ns-inactivate.pl script and grok the perl code.
Alternately, you could just scrap the roles/cos etc. scheme and just set
the nsAccountLock attribute in each entry you want to inactivate. The
only problem with that is it won't be compatible with the way the
scripts and the console work, so you won't be able to use the scripts
and the console to (in)activate users.
>
> Thanks
>
> David Hoskinson | *DATATRAK*International
> Systems Engineer
> Mayfield Heights, Ohio, USA
> +1.440.443.0082 x 124 (p) | +1.216.280.5457 (m)
> david.hoskinson at datatrak.net <mailto:david.hoskinson at datatrak.net> |
> www.datatrak.net <http://www.datatrak.net/>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20111121/cf8f11a2/attachment.html>
More information about the 389-users
mailing list