Did you have a chance to see these docs?"Preventing Authentication by Account Inactivation" in Directory Server Deployment Guide:
http://www.redhat.com/docs/manuals/dir-server/deploy/7.1/aci.html#17614And the command line scripts ns-activate.pl, ns-inactivate.pl, ns-accountstatus.pl.
Configuration, Command, and File ReferencePDF <http://www.redhat.com/docs/manuals/dir-server/pdf/ds71cli.pdf> (2608 KB)
Page 277-279 --noriko Scott wrote:
In our ldap we do not delete users, we deactivate them with nsaccountlock. All user entries are in the same branch of the tree. In this data structure, all uid's are unique and are not used again. Ok well now our ldap is getting large and I would like active users separate from inactive users to provide better search performance. AFAIK lot of services keep uid's so they cannot be used again. What's a good design approach? Do inactive users move to another tree? Maybe move to another server and use a referral somehow. What do ldap admins do with all this dead weight? :) __________________________________________________ Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
