[ale] disabled accounts and pam

[Dan Newcombe]

I have a RH7.1 system setup.  It has OpenLDAP running on it, and the
nss_ldap module has been setup as well, so that most users are in the LDAP
server, not /etc/passwd.

All this works fine.

What I'm looking for is a way to disable users that does not involve
deleteing the accounts.  I was hoping for something as simple for nss_ldap
or pam_ldap that would let me give it an LDAP object to look at for a
particular dn (something like isAccountDisabled) and based on the result
allow access or not.

However, both pam_ldap and nss_ldap seems to just care if the password
matches or not.

Does anyone know of a ready-to-go solution to this?  I don't really wann
have to write my own pam_ldap module to check this one thing if possible!

Thanks!
	-Dan

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.