On Fri, Feb 20, 2009 at 6:49 AM, Stefan Zoerner <[email protected]> wrote:
> Emmanuel Lecharny wrote:
>
>> What do you mean exactly? It's an LDAP server, and the authentication
>> system will just look for a user whose DN is given, and compare its
>> credential with what has been passed to the Bind Request operation (at
>> least for a Simple authentication).
>>
>> Either the user exists and its credentials are valid, and the user will
>> be authenticated, or one of the two previous conditions is not met,
>> and the user won't be authenticated. There is no notion of
>> enabled/disabled users, or locked.
>>
>> Did I misinterpret your need?
>>
>>> By checking the documentation I did not find any hint related to this
>>> action, either. So I don't know if this feature is supported by the
>>> Apache DS at all.
>>>
>>
>
> Just in addition to Emmanuel (who is right), Mike perhaps compares it to
> vendor-specific features some LDAP servers provide (Active Directory, IBM
> Tivoli, etc.).
>
> You have different options to mimic such requirements with Standard LDAP
> functionality in ApacheDS. The easiest I have in mind is simply deleting the
> user entry. Other options depend on how you authenticate.
>
> It is perhaps sufficient to remove the user from some group, or to remove
> his/her password attribute from the user entry. I have other things which
> would work in mind as well, but it depends on your exact requirements,
> whether they work or not.
>

Yep, removing the userPassword attribute or even using an ACI can do it. I'd
personally just remove the userPassword attribute.

Alex
