directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: [Studio] Visual way to identify "disabled" users
Date Wed, 04 Oct 2017 12:25:00 GMT


Le 04/10/2017 à 13:57, Shawn McKinney a écrit :
>> On Oct 4, 2017, at 2:25 AM, Radovan Semancik <radovan.semancik@evolveum.com>
wrote:
>>
>> The problem is that there is no standard way how to disable a user in LDAP. Some
LDAP servers have proprietary attributes for this. And some servers (such as OpenLDAP) have
no good way to do this at all. Therefore there the studio has to support many algorithms and
it may even need custom extensions to support this properly.
> I wouldn’t characterize adherence to an expired IETF draft — proprietary.  The main
problem is LDAPv3 doesn’t include pw policies and the communities (us) have never bothered
to ratify an extension as standard.
>
> I’d suggest there could be coverage of a limited set of servers.
>
> For example fortress supports extensions common to openldap and apacheds and studio could
as well.

Actually, all those considerations are useless. As I said in another
mail, Studio does not have to knwo anything about the semantic of what
characterises a 'disabled' user : we just need to associated a filter
(that the Studio users will configure to fit their need) to a
presentation handler, leveraged by the Browser plugin when drawing an
entry. Simple, context-free, and does not take care of non-standard dead
draft that are not implemnted properly by many servers...


-- 

Emmanuel Lecharny

Symas.com
directory.apache.org


Mime
View raw message