[Samba] smbldap-tools and disabling a user
Logan Shaw
lshaw at emitinc.com
Tue Aug 15 21:41:42 GMT 2006
Hey everyone,
When someone leaves the company, I prefer to disable their
account rather than remove it (so that you can see who owns any
files they might leave on a filesystem somewhere). I'm using
an LDAP backend for Samba, and I'm using smbldap-tools to
manage accounts.
So, today I was going to disable an account for the
first time since switching over from plain /etc/passwd and
/etc/samba/smbpasswd, and it doesn't seem like there is any
tool that can handle both Unix and Samba accounts.
Specifically, smbldap-usermod has a "-I" option, which is
described as "disable user". It sets the "D" flag on the
Samba account info, but it doesn't have any effect on the
RFC 2307 userPassword. I noticed smbldap_tools.pm has a
disable_user() sub in it, which is even exported from the
module, but nothing calls it, and when I tried calling it
myself from a little Perl code, it didn't seem to work. Oh,
and I can't really use the straightforward "passwd -l" command,
because I'm using Slackware, which doesn't grok LDAP.
I ended up writing a little bash script which uses ldapmodify,
which does the job, but I'm wondering if there's a better way
that I'm missing. It seems odd that smbldap-useradd supports
adding both Unix and Samba accounts, and smbldap-userdel
supports deleting both, but smbldap-usermod only supports
disabling the Samba half of things...
- Logan
More information about the samba
mailing list