[SAC] LDAP users still being created during maintainance
Sandro Santilli
strk at keybit.net
Wed May 11 11:31:33 PDT 2016
On Wed, May 11, 2016 at 08:00:00PM +0200, Sandro Santilli wrote:
> On Wed, May 11, 2016 at 09:58:26AM -0700, Alex M wrote:
> > I disagree, at most inactive accounts should be disabled, not deleted.
>
> Yes, disabled is better. But we want a way to tell if an account
> is enabled or disabled, via ldapsearch (and document that). Do
> you know how could that be done ?
It looks like for enable/disable account there's an "overlay"
(kind of plugin for LDAP server, if I understood correctly)
to be added:
http://www.openldap.org/lists/openldap-technical/200810/msg00107.html
Does anyone have experience with these "overlays" ?
Similar need (an overlay) exists for storing "last usage", as
documented in ("last bind"): https://trac.osgeo.org/osgeo/ticket/1675
Shall I file another ticket for adding this "ppolicy" overlay ?
--strk;
More information about the Sac
mailing list