directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: [Studio] Visual way to identify "disabled" users
Date Wed, 04 Oct 2017 12:20:43 GMT

Le 04/10/2017 à 13:47, Lothar Haeger a écrit :
> Radovan Semancik wrote:
>> The problem is that there is no standard way how to disable a user in 
>> LDAP. Some LDAP servers have proprietary attributes for this. And some 
>> servers (such as OpenLDAP) have no good way to do this at all. Therefore 
>> there the studio has to support many algorithms and it may even need 
>> custom extensions to support this properly.
> A general solution (solving a lot of other use cases as a side effect) would be
> to implement a generic color/font/format coding feature. Let users define ldap
> searches and assign formatting styles to those objects that match. Could be
> strikethrough font, font/background color, object icon, watever.
> In a second step, pre-defined filter/formatting sets implementing common useful
> scenario's (like the one Graham posted) could be delivered with Studio so user
> can just enable them if needed. Those delivered sets would also double as
> example code and templates for custom needs.

That could work. Note that the user would just have to define a filter
to match entries, something like :
(&(objectClass=posixAccount)(|pwdAccountLockedTime=*)) which will be
valid if the entry is a PosixAccount and the account is locked (that is
when you use passwordPolicy). We can imagine other filters, typically
when working with AD.

The logic would be to associated such a filter to a entry handler in
charge of the entry presentation (color, police, style, etc) so that
when the browser expose the entries, it calls the handler and knows what
to do accordingly to the filter.

Not that complicated to implement, but it requires a bit of work. If
someone wants to give it a try, we would be very please to add this code
to the server !

Emmanuel Lecharny

View raw message