HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

See “Synchronizing Directory Server with Microsoft Active Directory” (page 391) for more information
on synchronizing Directory Server and Windows users and passwords.
7.2 Inactivating users and roles
A single user account or set of accounts can be temporarily inactivated. After an account is
inactivated, a user cannot bind to the directory. The authentication operation will fail.
Users and roles are inactivated using the operational attribute nsAccountLock. When an entry
contains the nsAccountLock attribute with a value of true, the server rejects the bind.
The same procedures are used to inactivate users and roles. However, when a role is inactivated,
the members of the role are inactivated, not the role entry itself. For more information about roles
in general and how roles interact with access control in particular, see “Organizing Entries with
roles, Class of service, and Views” (page 166).
“Inactivating user and roles using the console” (page 301)
“Inactivating user and roles using the command line” (page 301)
“Activating user and roles using the console” (page 302)
“Activating user and roles using the command line” (page 302)
CAUTION:
The root entry (the entry corresponding to the root or sub suffix) on a database cannot be inactivated.
Chapter 3 (page 96) has information on creating the entry for a root or sub suffix, and Chapter 2
(page 30) has information on creating root and sub suffixes.
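The following is an added example, not part of the HP guide: a Python audit that reads LDIF from a search that requested nsAccountLock and reports accounts that were expected to be inactive but are not locked. The sample LDIF, every DN other than Joe Frasier's, and the function names are constructed for illustration; DNs are compared with a plain case-insensitive match.

```python
import base64

# Constructed sample of ldapsearch LDIF output. nsAccountLock is operational,
# so the search must request it by name; the entries here are made up.
B64_DN = base64.b64encode("uid=m\u00fcller,ou=people,dc=example,dc=com".encode()).decode()
SAMPLE_LDIF = (
    "dn: uid=jfrasier,ou=people,dc=example,dc=com\n"
    "nsAccountLock: true\n\n"
    "dn: uid=tmorris,ou=people,dc=example,\n"
    " dc=com\n"                                  # folded continuation line
    "nsaccountlock: TRUE\n\n"
    f"dn:: {B64_DN}\n"                           # base64-encoded DN
    "nsAccountLock: false\n\n"
    "dn: uid=bjensen,ou=people,dc=example,dc=com\n"   # attribute absent
)

def parse_ldif(text):
    """Yield (dn, {lowercased attribute: [values]}) for each LDIF record."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]                 # unfold continuation line
        elif not raw.startswith("#"):            # skip LDIF comments
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines + [""]:                    # trailing "" flushes last record
        if not line:
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):                # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)

def is_inactive(attrs):
    """True when nsAccountLock is true (case-insensitive match: an assumption)."""
    return any(v.lower() == "true" for v in attrs.get("nsaccountlock", []))

def still_active(ldif_text, expected_inactive):
    """Return the expected-inactive DNs that the LDIF does not show as locked."""
    locked = {dn.lower() for dn, a in parse_ldif(ldif_text) if is_inactive(a)}
    return [dn for dn in expected_inactive if dn.lower() not in locked]
```

An entry that is missing from the search result is reported as still active, so a mistyped DN surfaces instead of passing silently.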
7.2.1 Inactivating user and roles using the console
The following procedure describes inactivating a user or a role using the Console:
1. Select the Directory tab.
2. Browse the navigation tree in the left navigation pane, and double-click the user or role to
inactivate.
The Edit Entry dialog box appears.
Alternatively, select Inactivate from the Object menu.
3. Click Account in the left pane. The right pane states that the role or user is activated. Click
Inactivate to inactivate the user or role.
4. Click OK.
After it is inactivated, the state of the object can be viewed by selecting Inactivation State from
the View > Display menu. The icon of the object then appears in the right pane of the Console
with a red slash through it.
7.2.2 Inactivating user and roles using the command line
To inactivate a user account, use the ns-inactivate.pl script. The following example describes
using the ns-inactivate.pl script to inactivate Joe Frasier's user account:
ns-inactivate.pl -D "cn=Directory Manager" -w secret -p 389 -h example.com \
    -I "uid=jfrasier,ou=people,dc=example,dc=com"
The following table describes the ns-inactivate.pl options used in the example:
Option Name    Description
-D             The DN of the directory administrator.
-w             The password of the directory administrator.