Did you have a chance to see these docs? "Preventing Authentication by Account Inactivation" in Directory Server Deployment Guide: http://www.redhat.com/docs/manuals/dir-server/deploy/7.1/aci.html#17614 And the command line scripts ns-activate.pl, ns-inactivate.pl, ns-accountstatus.pl. Configuration, Command, and File Reference PDF <http://www.redhat.com/docs/manuals/dir-server/pdf/ds71cli.pdf> (2608 KB) Page 277-279 --noriko Scott wrote: > In our ldap we do not delete users, we deactivate them > with nsaccountlock. All user entries are in the same > branch of the tree. In this data structure, all uid's > are unique and are not used again. > > Ok well now our ldap is getting large and I would like > active users separate from inactive users to provide > better search performance. AFAIK lot of services keep > uid's so they cannot be used again. What's a good > design approach? Do inactive users move to another > tree? Maybe move to another server and use a referral > somehow. What do ldap admins do with all this dead > weight? :) > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3170 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060613/bdb4a336/attachment.bin
