Discussion:
LDAP disable function for a DN?
n***@public.gmane.org
2005-01-17 14:52:05 UTC
Permalink
Does LDAP (Sun ONE DS 5.2) allow for a disable entry function ?
If we wanted to disable/invalidate an entry (group or user DN) without
physically removing the DN from the directory... is this possible? I've
not found any API methods (or any other way to do so...) but wanted to
check with this user group.

Thanks in advace for your time.
Neil

---
You are currently subscribed to ldap-63aXycvo3TyHXe+***@public.gmane.org as: [gclu-***@m.gmane.org]
To unsubscribe send email to ldap-request-63aXycvo3TyHXe+***@public.gmane.org with the word UNSUBSCRIBE as the SUBJECT of the message.
Hallvard B Furuseth
2005-01-17 17:42:36 UTC
Permalink
Post by n***@public.gmane.org
Does LDAP (Sun ONE DS 5.2) allow for a disable entry function ?
If we wanted to disable/invalidate an entry (group or user DN) without
physically removing the DN from the directory... is this possible?
Most LDAP servers implement access controls, which you can use to
hide and protect individual entries or collections of entries.

I don't know Sun ONE DS, but keywords to look for are Access Control,
ACI (Access Control Information) Items, and ACLs (Access Control Lists).
--
Hallvard
Sheppard, Eric
2005-01-17 18:42:46 UTC
Permalink
This link points to the secion in the SunOne directory Server 5.2
Administration Guide called "Inactivating and Activating Users and
Roles".
http://docs.sun.com/source/816-6698-10/useracct.html#14725
<http://docs.sun.com/source/816-6698-10/useracct.html#14725>

From the page:
"You can temporarily inactivate a single user account or a set of
accounts. Once inactivated, a user cannot bind to the directory. The
authentication operation will fail."

That should be what you're looking for.

-----Original Message-----
From: nburns-***@public.gmane.org [mailto:nburns-***@public.gmane.org]
Sent: Monday, January 17, 2005 9:52 AM
To: ldap-JX7+OpRa80TPh+ypUGD3Ib+***@public.gmane.org
Cc: armercer-***@public.gmane.org; malexander-***@public.gmane.org
Subject: [ldap] LDAP disable function for a DN?



Does LDAP (Sun ONE DS 5.2) allow for a disable entry function ?
If we wanted to disable/invalidate an entry (group or user DN)
without physically removing the DN from the directory... is this
possible? I've not found any API methods (or any other way to do so...)
but wanted to check with this user group.

Thanks in advace for your time.
Neil
---
You are currently subscribed to ldap-63aXycvo3TyHXe+***@public.gmane.org as:
[Eric.Sheppard-Bdlq13kUjey1Z/+***@public.gmane.org]
To unsubscribe send email to ldap-request-63aXycvo3TyHXe+***@public.gmane.org with the
word UNSUBSCRIBE as the SUBJECT of the message.


*****
"The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." 118



---
You are currently subscribed to ldap-63aXycvo3TyHXe+***@public.gmane.org as: [gclu-***@m.gmane.org]
To unsubscribe send email to ldap-request-63aXycvo3TyHXe+***@public.gmane.org with the word UNSUBSCRIBE as the SUBJECT of the message.
n***@public.gmane.org
2005-01-18 13:25:34 UTC
Permalink
Thanks Eric. Exactly what I was looking for.
Thanks to everyone for their replies.

Neil





"Sheppard, Eric"
<***@be
llsouth.com> To
<ldap-JX7+OpRa80TPh+ypUGD3Ib+***@public.gmane.org>
01/17/2005 01:42 cc
PM
Subject
[ldap] RE: LDAP disable function
for a DN?










This link points to the secion in the SunOne directory Server 5.2
Administration Guide called "Inactivating and Activating Users and Roles".
http://docs.sun.com/source/816-6698-10/useracct.html#14725
"You can temporarily inactivate a single user account or a set of accounts.
Once inactivated, a user cannot bind to the directory. The authentication
operation will fail."

That should be what you're looking for.
-----Original Message-----
From: nburns-***@public.gmane.org [mailto:nburns-***@public.gmane.org]
Sent: Monday, January 17, 2005 9:52 AM
To: ldap-JX7+OpRa80TPh+ypUGD3Ib+***@public.gmane.org
Cc: armercer-***@public.gmane.org; malexander-***@public.gmane.org
Subject: [ldap] LDAP disable function for a DN?



Does LDAP (Sun ONE DS 5.2) allow for a disable entry function ?
If we wanted to disable/invalidate an entry (group or user DN)
without physically removing the DN from the directory... is this
possible? I've not found any API methods (or any other way to do
so...) but wanted to check with this user group.

Thanks in advace for your time.
Neil
---
You are currently subscribed to ldap-63aXycvo3TyHXe+***@public.gmane.org as:
[Eric.Sheppard-Bdlq13kUjey1Z/+***@public.gmane.org]
To unsubscribe send email to ldap-request-63aXycvo3TyHXe+***@public.gmane.org with the word
UNSUBSCRIBE as the SUBJECT of the message.


---
You are currently subscribed to ldap-63aXycvo3TyHXe+***@public.gmane.org as: [NBurns-oQFXY4Vn4Wd4beGV+***@public.gmane.orgm]
To unsubscribe send email to ldap-request-63aXycvo3TyHXe+***@public.gmane.org with the word
UNSUBSCRIBE as the SUBJECT of the message.


*****


"The information transmitted is intended only for the person or
entity to which it is addressed and may contain confidential,
proprietary, and/or privileged material. Any review, retransmission,
dissemination or other use of, or taking of any action in reliance
upon this information by persons or entities other than the intended
recipient is prohibited. If you received this in error, please
contact the sender and delete the material from all computers." 118
Loading...