[Freeipa-devel] account inactivation
Rob Crittenden
rcritten at redhat.com
Wed Nov 7 03:18:06 UTC 2007
Rob Crittenden wrote:
> Ok, I'm working on the "deactivate a whole group" thing.
>
> I managed to get it working and inactivated a group. I can still get a
> ticket with those members but binding to LDAP returns:
>
> Account inactivated. Contact system administrator.
>
> Cool.
>
> Now how do I re-activate them? I deleted the nsAccountLock attribute but
> I still cannot connect to FDS.
>
> rob
Ok, turns out I hadn't actually removed the attribute. I forgot that one
has to include that in the list of attributes when searching or it
doesn't show up. I had actually added a second value of ''. Fixed by
ldapmodify.
It does show that the ipa-usermod --del command simply doesn't work
though. I'll need to look more deeply at the way that the modlist is
created so that deletes will work properly without inadvertently
removing data in other cases.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071106/d6b8bb03/attachment.bin>
More information about the Freeipa-devel
mailing list