I'm a newbie to OpenLDAP. I have done a bit of research on the above topic and so far couldn't find a satisfactory answer. I would appreciate it if anyone could show me how to enable/disable/remove a user account in OpenLDAP.
OpenLdap How to disable/enable/remove user account
An admin changing a user's password is not a good idea. It has several side effects:
- It will cause a login failure.
- It's not easy to re-enable the user.
I like the solution of adding an ACL on the userPassword attribute; see the solution here: acl control userPassword. It's clean and effective.
- Disable: using the password-policy overlay, set pwdAccountLockedTime.
- Enable: clear or remove the above attribute.
- Remove: remove the entry for the user from the DIT.
I'm using OpenLDAP 2.4.31 on Ubuntu and I don't think the ppolicy schema comes with it. Do I need to add them to slapd.conf? Is there a quick tutorial on setting this up? – Drat
ppolicy is not a schema, it is an overlay, and it does indeed come with 2.4.31. You need to read man slapo-policy. – Ephedrine
Setting up for this ppolicy is not simple. Is there a simple quick tutorial on this? By the way, my OpenLDAP is not using OLC. Can ppolicy work on slapd.conf, the old way? – Drat
Not aware of a tutorial (zytrax.com is the place to look for OpenLDAP, but nothing there on policy I could see) but it's covered in a book whose title I forget; anyway it's the most obvious OpenLDAP book. OpenLDAP overlays don't care which way you do your configuration. – Ephedrine
The book is Matt Butcher, Mastering OpenLDAP. – Ephedrine
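The disable/enable/remove steps from the answer above, written as LDIF generators whose output can be piped to ldapmodify (an added example, not part of the original thread). It assumes the ppolicy overlay is active on the database and the effective policy has pwdLockout set to TRUE; the function names and DNs are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit LDIF for disabling, enabling and removing an account.
# Assumes ppolicy is loaded and the effective policy has pwdLockout: TRUE,
# otherwise pwdAccountLockedTime is stored but not enforced.

LOCK_FOREVER=000001010000Z  # ppolicy value: locked until an admin unlocks
NL='
'

# Refuse empty DNs and DNs containing a newline; a newline would let a
# caller smuggle extra LDIF records into the stream sent to ldapmodify.
# DNs that need the base64 "dn::" form (non-ASCII) are not handled here.
check_dn() {
    [ -n "$1" ] || { echo "empty DN" >&2; return 1; }
    case $1 in
        *"$NL"*) echo "newline in DN" >&2; return 1 ;;
    esac
}

# Disable: set pwdAccountLockedTime to the permanent-lock value.
ldif_disable() {
    check_dn "$1" || return 1
    printf 'dn: %s\nchangetype: modify\n' "$1"
    printf 'replace: pwdAccountLockedTime\n'
    printf 'pwdAccountLockedTime: %s\n' "$LOCK_FOREVER"
}

# Enable: remove the attribute (fails server-side if it is not present).
ldif_enable() {
    check_dn "$1" || return 1
    printf 'dn: %s\nchangetype: modify\n' "$1"
    printf 'delete: pwdAccountLockedTime\n'
}

# Remove: delete the user's entry from the DIT.
ldif_remove() {
    check_dn "$1" || return 1
    printf 'dn: %s\nchangetype: delete\n' "$1"
}

# Usage with constructed DNs:
#   ldif_disable 'uid=jdoe,ou=people,dc=example,dc=com' |
#       ldapmodify -x -W -D 'cn=admin,dc=example,dc=com'
```

Because the lock is a separate attribute, the user's existing password is untouched and works again as soon as the attribute is removed.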
The simplest way for an admin to disable an account is to change the password.
The account could be easily re-activated by giving the user the password and asking the user to change it.