On 21.11.2011 14:25, Jayavant Patil wrote:
> Hi,
> 
>    I am using openldap-2.4.19-4 on fedora 12 machine. Does anybody know how
> to enable/disable a user account in openLDAP?  I know ppolicy overlay but I
> don't require this password based locking.
> 
>    Thanks in advance.
> 

Hi,

we lock UNIX/Samba/Kerberos accounts in our system by "invalidating" the
userPassword (i.e. putting some random string before the '{HASH}' part),
setting the loginShell to '/bin/false' and putting the 'D' flag in
sambaAcctFlags.

Scrambling userPassword will prevent logins based on simple bind,
changing the loginShell prevents PublicKey logins and 'D' in
sambaAcctFlags disables logins with Samba and Heimdal Kerberos.


Regards,
Christian Manal
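
The three changes described in the reply above, as an added example that is not part of the original message: a Python sketch that builds one LDIF modify record suitable for ldapmodify. The DN, the sample hash and the function names are constructed for illustration, and the 11-character space-padded sambaAcctFlags layout is an assumption.

```python
import secrets

def lock_flags(flags):
    """Return sambaAcctFlags with 'D' (disabled) set, keeping existing flags."""
    inner = flags.strip().strip("[]").replace(" ", "")
    if "D" not in inner:
        inner += "D"
    # Assumed layout: flag letters space-padded to 11 characters inside brackets.
    return "[" + inner.ljust(11) + "]"

def lock_password(user_password, prefix=None):
    """Put a random string before the '{HASH}' tag, as the reply describes."""
    if not user_password.startswith("{"):
        # Already scrambled, or stored in cleartext: do not guess, let the admin look.
        raise ValueError("userPassword is not in {SCHEME}hash form")
    return (prefix or secrets.token_hex(8)) + user_password

def lock_ldif(dn, user_password, samba_flags, prefix=None):
    """Build one LDIF modify record applying all three changes to the entry."""
    return "\n".join([
        "dn: " + dn,
        "changetype: modify",
        "replace: userPassword",
        "userPassword: " + lock_password(user_password, prefix),
        "-",
        "replace: loginShell",
        "loginShell: /bin/false",
        "-",
        "replace: sambaAcctFlags",
        "sambaAcctFlags: " + lock_flags(samba_flags),
        "",
    ])

if __name__ == "__main__":
    # Constructed sample entry values, not taken from a real directory.
    print(lock_ldif("uid=jdoe,ou=people,dc=example,dc=org",
                    "{SSHA}Q09OU1RSVUNURURfU0FNUExFX0hBU0g=",
                    "[U          ]"))
```

Because the prefix sits in front of an otherwise unchanged value, removing it again restores the original hash; record the original loginShell separately if it needs to be restored as well.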
