Date: Thu, 18 Nov 2004 20:18:00 +0200
From: "Cezar Fistik" <cezar@arax.md>
To: <freebsd-questions@freebsd.org>
Subject: account management pam_ldap+nss_ldap
Message-ID: <003401c4cd9a$f31cb8e0$33a11ad9@office.arax.md>
Hello all,

I would greatly appreciate it if someone could help me or point me to the right place to find a solution to the following problem. I have a system (5.3-release) configured to do user authentication through pam and ldap using pam_ldap.so and nss_ldap.so. Everything is fine with that configuration; I am able to login, ssh and ftp to the system using users configured only in ldap with no problem.

What I'm looking for is a way to manage these accounts, I mean to temporarily disable (locking) an account or a group of accounts, like "pw lock username", set account expiration dates and so on. I spent the last 2 days searching but found nothing, or maybe I was looking in the wrong places?

Please, if someone has done things like those described above, help me. Actually, I'm most interested in disabling/enabling an ldap account/group without deleting it.

I was trying to find a solution myself and have thought of the following. To create an ldap schema file which will have an objectclass with the accountEnabled attribute (and maybe some others too). To include this objectclass for DNs containing users and somehow to create a filter in the nss_ldap config file which will do the filtering, taking into account the accountEnabled flag. What do you think of this approach? I would appreciate any suggestions.

Thanks,
Cezar Fistik
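
A sketch of the approach proposed in the message above, added here as an example; it is not part of the original post and not configuration shipped by pam_ldap or nss_ldap. It assumes OpenLDAP schema syntax; the object class name `managedAccount`, the OID placeholders and the base DN are constructed for illustration.

```conf
# --- schema file (OpenLDAP syntax assumed) ------------------------------
# <YOUR-OID-ARC> is a placeholder: substitute OIDs from your own arc.
attributetype ( <YOUR-OID-ARC>.1 NAME 'accountEnabled'
    DESC 'TRUE if the account may be used'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )

# AUXILIARY, so it can be added to existing posixAccount entries
# without changing their structural class. The class name is hypothetical.
objectclass ( <YOUR-OID-ARC>.2 NAME 'managedAccount'
    DESC 'Carries the accountEnabled flag'
    SUP top AUXILIARY
    MAY accountEnabled )

# --- nss_ldap configuration ---------------------------------------------
# Form is base?scope?filter. The extra filter is combined with the
# lookup nss_ldap already performs, so a disabled user no longer
# resolves through getpwnam()/getpwuid(). Base DN is constructed.
nss_base_passwd ou=People,dc=example,dc=com?one?accountEnabled=TRUE

# --- pam_ldap configuration ---------------------------------------------
# pam_filter is ANDed with the login-attribute match when pam_ldap
# searches for the user's entry, so a disabled entry is never found
# and authentication fails before any bind is attempted.
pam_filter accountEnabled=TRUE

# --- disabling one account (LDIF for ldapmodify, constructed entry) -----
# dn: uid=jdoe,ou=People,dc=example,dc=com
# changetype: modify
# replace: accountEnabled
# accountEnabled: FALSE
```

With this filter an entry that lacks the attribute does not match either, so every existing account needs `accountEnabled: TRUE` set before the filter is switched on. Setting the filter in both places matters: the nss_ldap filter only hides the account from name lookups, while `pam_filter` is what makes pam_ldap refuse the login.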