Ldap – PhpLdapAdmin – How to disable a user/uid

ldapopenldap

Using PhpLdapAdmin, how do you disable/lock a user/uid so that it can't be used to login to anything on the network that uses LDAP?

Best Answer

The easiest method would be to just zero the password. You could also add an explicit ACL to deny that user access to the directory (remember, an LDAP authentication triggers a bind call).

You could also add a custom field and update your search filter to only include users where that custom field is correct. I do it this way.

Related Solutions

Ldap – How to test a LDAP connection from a client

Use ldapsearch. It will return an error if you cannot query the LDAP Server.

The syntax for using ldapsearch:

ldapsearch -x -LLL -h [host] -D [user] -w [password] -b [base DN] -s sub "([filter])" [attribute list]

A simple example

$ ldapsearch -x -LLL -h host.example.com -D user -w password -b"dc=ad,dc=example,dc=com" -s sub "(objectClass=user)" givenName

~~Please see this link: http://randomerror.wordpress.com/2009/10/16/quick-tip-how-to-search-in-windows-active-directory-from-linux-with-ldapsearch/~~

Edit: It seems you don't have pam configured corectlly for gdm/xdm here is an example how to do it: http://pastebin.com/TDK4KWRV

Ldap – How to add new attribute to an existing LDAP user objects

$ ldapmodify -H ldap://yourhost -D cn=youradmin,dc=your,dc=domain -x -W
( enter password here )
dn: uid=username,ou=people,dc=your,dc=domain
changetype: modify
add: mail
mail: youremailaddress@here.com

Best Answer

Related Solutions

Ldap – How to test a LDAP connection from a client

Ldap – How to add new attribute to an existing LDAP user objects

Related Topic