Radek Hladik wrote:
I would like to ask one stupid question about account inactivation. When I use FDS console to deactivate user, it produces some "magic" with CoS to add operational attribute nsAccountLock to the specified user entry. Is there any reason why this is done so complicated?It is done this way so that large numbers of accounts can be activated or deactivated with one single modification.
Why the nsAccountLock attribute can not be specified as optional attribute in for example posixAccount class? And is this approach possible in case I need only user account inactivation (I mean no groups or roles)?You should not do that because it modifies standard schema, and no good will come of that.
I need to provide our account administrators with some easy possibility to inactivate account via phpldapadmin and I would like to do it in as standard way as possible. Of course we could change the password hash specifier i.e. from {SSHA} to {SSHA-disabled} but I consider this as last resort option.You can do that right now. Add nsAccountLock: true to an entry it will be locked. Operational attributes don't require that the entry have a particular objectclass to pass schema check.
-- Pete
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
