I would like to script inactivating an account. From my investigation it looks like the nsaccountlock is set to true, and nsrole is set to cn=nsdisabledrole,dc=xxx,dc=yyy and nsroledn=cn=nsmanageddisabledrole,dc=xxx,dc=yyy.
Can anybody confirm this for me that I haven't left out anything vital?
Thanks
David Hoskinson | DATATRAK International Systems Engineer Mayfield Heights, Ohio, USA +1.440.443.0082 x 124 (p) | +1.216.280.5457 (m) david.hoskinson@datatrak.netmailto:david.hoskinson@datatrak.net | www.datatrak.nethttp://www.datatrak.net/
On 11/21/2011 01:15 PM, David Hoskinson wrote:
I would like to script inactivating an account. From my investigation it looks like the nsaccountlock is set to true, and nsrole is set to cn=nsdisabledrole,dc=xxx,dc=yyy and nsroledn=cn=nsmanageddisabledrole,dc=xxx,dc=yyy.
Can anybody confirm this for me that I haven't left out anything vital?
It's quite a bit more complicated than that. You also have to set up the Class of Service to provide the nsAccountLock value to the entries of the disabled role.
I'm afraid we don't have the exact steps documented, so you'll have to take a look at the ns-inactivate.pl script and grok the perl code.
Alternately, you could just scrap the roles/cos etc. scheme and just set the nsAccountLock attribute in each entry you want to inactivate. The only problem with that is it won't be compatible with the way the scripts and the console work, so you won't be able to use the scripts and the console to (in)activate users.
Thanks
David Hoskinson | *DATATRAK*International Systems Engineer Mayfield Heights, Ohio, USA +1.440.443.0082 x 124 (p) | +1.216.280.5457 (m) david.hoskinson@datatrak.net mailto:david.hoskinson@datatrak.net | www.datatrak.net http://www.datatrak.net/
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org