[Samba] smbldap-tools and disabling a user

Logan Shaw lshaw at emitinc.com
Tue Aug 15 21:41:42 GMT 2006

Hey everyone,

When someone leaves the company, I prefer to disable their
account rather than remove it (so that you can see who owns any
files they might leave on a filesystem somewhere).  I'm using
an LDAP backend for Samba, and I'm using smbldap-tools to
manage accounts.

So, today I was going to disable an account for the
first time since switching over from plain /etc/passwd and
/etc/samba/smbpasswd, and it doesn't seem like there is any
tool that can handle both Unix and Samba accounts.

Specifically, smbldap-usermod has a "-I" option, which is
described as "disable user".  It sets the "D" flag on the
Samba account info, but it doesn't have any effect on the
RFC 2307 userPassword.  I noticed smbldap_tools.pm has a
disable_user() sub in it, which is even exported from the
module, but nothing calls it, and when I tried calling it
myself from a little Perl code, it didn't seem to work.  Oh,
and I can't really use the straightforward "passwd -l" command,
because I'm using Slackware, which doesn't grok LDAP.

I ended up writing a little bash script which uses ldapmodify,
which does the job, but I'm wondering if there's a better way
that I'm missing.  It seems odd that smbldap-useradd supports
adding both Unix and Samba accounts, and smbldap-userdel
supports deleting both, but smbldap-usermod only supports
disabling the Samba half of things...

   - Logan

More information about the samba mailing list