directory-users mailing list archives

From Stefan Zoerner
Subject Re: Missing information on how to lock a user account
Date Fri, 20 Feb 2009 11:49:21 GMT
Emmanuel Lecharny wrote:
> What do you mean exactly? It's an LDAP server, and the authentication
> system will just look for a user whose DN is given, and compare its
> credentials with what has been passed to the Bind Request operation (at
> least for a Simple authentication).
> Either the user exists and its credentials are valid, and the user will
> be authenticated, or one of the two previous conditions is not met,
> and the user won't be authenticated. There is no notion of
> enabled/disabled users, or locked.
> Did I misinterpret your need?
>> By checking the documentation I did not find any hint related to this
>> action, either. So I don't know if this feature is supported by the
>> Apache DS at all.

Just in addition to Emmanuel (who is right), Mike perhaps compares it to
vendor-specific features that some LDAP servers provide (Active Directory,
IBM Tivoli, etc.).

You have different options to mimic such requirements with standard LDAP
functionality in ApacheDS. The easiest I have in mind is simply deleting
the user entry. Other options depend on how you authenticate.

It is perhaps sufficient to remove the user from some group, or to 
remove his/her password attribute from the user entry. I have other 
things which would work in mind as well, but it depends on your exact 
requirements, whether they work or not.

Greetings from Hamburg,
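
The three options named in this message, written as LDIF change records. This is an added example, not part of the original message or of the ApacheDS documentation; the DNs and the `groupOfNames` group are constructed placeholders. The records are alternatives, so apply only the one that matches how your application authenticates.

```ldif
# Constructed sample DNs (assumption): replace with entries from your own tree.

# Option 1: remove the password attribute. A simple bind needs a stored
# credential to compare against, so binds as this DN stop succeeding.
# The old value is discarded; re-enabling the account means setting a new one.
dn: uid=jdoe,ou=users,dc=example,dc=com
changetype: modify
delete: userPassword
-

# Option 2: remove the user from a group the application checks after bind.
# Assumes a groupOfNames entry; use uniqueMember for groupOfUniqueNames.
# groupOfNames requires at least one member, so this fails if jdoe is the last.
dn: cn=app-users,ou=groups,dc=example,dc=com
changetype: modify
delete: member
member: uid=jdoe,ou=users,dc=example,dc=com
-

# Option 3: delete the user entry altogether.
dn: uid=jdoe,ou=users,dc=example,dc=com
changetype: delete
```

Option 2 only blocks access in applications that actually check group membership; the user can still bind to the directory itself.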
