[midPoint] Disable OpenLDAP Users on MidPoint

[Parttimaa Jan]

Hi,

I checked that and I add this to aci.ldif but no luck:

olcAccess: to attrs=userPassword dn.subtree="ou=people,dc=ldap,dc=pisnismiehet,dc=local" filter="(midPointAccountStatus=disabled)" by dn.subtree="ou=unixgroups,dc=ldap,dc=pisnismiehet,dc=local" none by anonymous none by * break

Disabled user can still login to Linux via OpenLDAP.

We did OpenLDAP installation and configuration following this wiki article<https://wiki.evolveum.com/display/midPoint/OpenLDAP+Installation+and+Configuration>.

Not sure is that ACI row above correct or not.

Best Regards,
Jan Parttimaa

Jan Parttimaa
1602738,
Tietojenkäsittelyn koulutusohjelma,
Haaga-Helia ammattikorkeakoulu, Pasilan kampus

From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Pálos Gustáv
Sent: maanantai 26. marraskuuta 2018 22.55
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Disable OpenLDAP Users on MidPoint

Hi Jan,

please see:
https://wiki.evolveum.com/display/midPoint/Recommended+OpenLDAP+Structure#RecommendedOpenLDAPStructure-AccountDisableMechanism

Best regards,

Gustav

po 26. 11. 2018 o 19:57 Parttimaa Jan <jan.parttimaa at myy.haaga-helia.fi<mailto:jan.parttimaa at myy.haaga-helia.fi>> napísal(a):
Hi,

I read that disable OpenLDAP users in MidPoint can be pain in a ass. How do you disable OpenLDAP users in MidPoint? Any tips and tricks about this?

Best Regards,
Jan Parttimaa

Jan Parttimaa
1602738,
Tietojenkäsittelyn koulutusohjelma,
Haaga-Helia ammattikorkeakoulu, Pasilan kampus

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint


--
Gustáv Pálos
Identity Engineer
evolveum.com<http://evolveum.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181127/b21a1f28/attachment.htm>