If you use the shadowAccount ObjectClass, I think you can use the
attribute shadowExpire to control this in OpenLDAP.
Prakash
On Apr 14, 2008, at 12:28 PM, Andrew Morgan wrote:
> On Sat, 12 Apr 2008, Jyotishmaan Ray wrote:
>
>> Please see below for your reply,
>>
>> Yes, that is what i exactly meant. Suspend, means not allowing the
>> user to have successful authentication, without hampering his
>> password, for some time !!
>
> I'm not familiar with OpenLDAP, but the Sun Directory Server offers
> a way to "disable" accounts. A disabled account will always fail to
> authenticate to the LDAP server, but the stored password is not
> modified. The account can be un-disabled anytime without setting a
> new password.
>
> Does OpenLDAP offer a similar feature?
>
> Andy
Prakash Velayutham
Programmer / Analyst
Cincinnati Children's Hospital Medical Center
