I would like to ask one stupid question about account inactivation. When
I use FDS console to deactivate user, it produces some "magic" with
CoS to add operational attribute nsAccountLock to the specified user
entry. Is there any reason why this is done so complicated? Why the
nsAccountLock attribute can not be specified as optional attribute in
for example posixAccount class? And is this approach possible in case I
need only user account inactivation (I mean no groups or roles)?
I need to provide our account administrators with some easy possibility
to inactivate account via phpldapadmin and I would like to do it in as
standard way as possible. Of course we could change the password hash
specifier i.e. from {SSHA} to {SSHA-disabled} but I consider this as
last resort option.
Radek
