[389-users] Deactivating accounts
Arpit Tolani
arpittolani at gmail.com
Tue Jul 17 17:13:42 UTC 2012
Hello
On Tue, Jul 17, 2012 at 10:10 PM, <harry.devine at faa.gov> wrote:
>
> We have several users who no longer need access, but may in the future, so
> we have set them to be Inactive in their profile. However, we noticed that
> these accounts have re-activated themselves and those users could log back
> in if they wanted to. How do we make accounts that we specifically make
> inactive by pressing the Inactivate button stay that way?
>
> We are using the following 389 versions on CentOS 5.7 64-bit:
>
> 389-ds-base-1.2.9.9-1.el5
> 389-admin-1.1.29-1.el5
> 389-ds-console-1.2.6-1.el5
> 389-adminutil-1.1.15-1.el5
> 389-admin-console-1.1.8-1.el5
> 389-ds-console-doc-1.2.6-1.el5
> 389-ds-base-libs-1.2.9.9-1.el5
> 389-dsgw-1.1.9-1.el5
> 389-console-1.1.7-3.el5
> 389-admin-console-doc-1.1.8-1.el5
> 389-ds-1.2.1-1.el5
>
> Thanks for any help!
> Harry
>
>
Add below attribute with same value in user's ldap entry.
nsAccountLock: true
# cat entry.ldif
dn: uid=tuser, ou=people,dc=example,dc=com
changetype: modify
add: nsaccountlock
nsaccountlock: true
# ldapmodify -x -a -D "cn=Directory manager" -w password -f entry.ldif
Regards
Arpit Tolani
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20120717/888afd65/attachment.html>
More information about the 389-users
mailing list