ldap filter gone and sambadomainnname not checked
Pierre Filippone
pierre.filippone at retail-sc.com
Thu Mar 2 11:53:37 GMT 2006
Hi,
we have a certain mechanism in our LDAP user management, which is called
user "expiry". This means that most LDAP attributes stay in place, when an
employee leaves the company, either temporarily or permanently. The user
account is still there, but it is made unusable by "destroying" a few ldap
attributes. This has proved to be very useful in the past.
With the upgrade of our domain controllers to 3.0.21c the "ldap filter"
option has gone. I could live with that, if I would only need to prevent
domain login for those expired users by using the nss_ldap filter. But the
expired users still appear in the user list of the domain, for example in
the Windows user manager, which is not, what I want.
I would have no problem, if Samba checked the sambadomainname attribute
for the right content before listing an entry as a user, because this is
one of the attributes we change, when expiring a user. But obviously it
does not.
My problem would also be solved, if you reintroduced "ldap filter", which
you probably won't do.
Any suggestions, how I could prevent those users from appearing in the
user list, without deleting all samba attributes ?
Thanks for any answer
Pierre Filippone
More information about the samba-technical
mailing list