[Freeipa-devel] account inactivation
Rob Crittenden
rcritten at redhat.com
Tue Nov 6 22:58:13 UTC 2007
Simo Sorce wrote:
> On Tue, 2007-11-06 at 17:41 -0500, Rob Crittenden wrote:
>> Ok, I'm working on the "deactivate a whole group" thing.
>>
>> I managed to get it working and inactivated a group. I can still get a
>> ticket with those members but binding to LDAP returns:
>
> I was looking into account inactivation on the flight, but the problem
> with kldap is that I couldn't find any attribute to do that (although I
> was sleepy I admit).
> I suspect there may be something in the data blob kldap sticks into ldap
> (bleah).
>
>> Account inactivated. Contact system administrator.
>>
>> Cool.
>>
>> Now how do I re-activate them? I deleted the nsAccountLock attribute but
>> I still cannot connect to FDS.
>
> Are you getting refused even after doing a new bind?
>
> Simo.
>
Right, I can get a ticket but can't use it.
[rcrit@ipa ipa-gui]$ kinit rcrit
Password for rcrit@GREYOAK.COM:
[rcrit@ipa ipa-gui]$ ldapsearch -Y GSSAPI -b "dc=greyoak,dc=com" uid=rcrit
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Server is unwilling to perform (53)
additional info: Account inactivated. Contact system administrator.