Displaying 6 results from an estimated 6 matches for "primarytelexnumber".
2023 Oct 28
1
query account expired state
...n of making a small cron-script for this purpose.
>
> To prevent a potential race condition with Samba updating something
> in 'userAccountControl' and the cron-script as well, it might be a
> better idea to use another user attribute, for example the nowadays
> obscure 'primaryTelexNumber ' and set it to 'expired=true'.? With
> that the issue is solved, the LDAP query to check for a user that can
> be allowed to login would be:
>
> '(&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(primaryTelexNumber=*expired=true*)))'...
2023 Oct 28
1
query account expired state
...gs me back to the
plan of making a small cron-script for this purpose.
To prevent a potential race condition with Samba updating something in
'userAccountControl' and the cron-script as well, it might be a better
idea to use another user attribute, for example the nowadays obscure
'primaryTelexNumber ' and set it to 'expired=true'.? With that the issue
is solved, the LDAP query to check for a user that can be allowed to
login would be:
'(&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(primaryTelexNumber=*expired=true*)))'
Using asterisks a...
2023 Oct 28
1
query account expired state
...cron-script for this purpose.
>>
>> To prevent a potential race condition with Samba updating something
>> in 'userAccountControl' and the cron-script as well, it might be a
>> better idea to use another user attribute, for example the nowadays
>> obscure 'primaryTelexNumber ' and set it to 'expired=true'.? With
>> that the issue is solved, the LDAP query to check for a user that can
>> be allowed to login would be:
>>
>> '(&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(primaryTelexNumber=*expired...
2023 Oct 29
1
Fwd: query account expired state
...cron-script for this purpose.
>>
>> To prevent a potential race condition with Samba updating something
>> in 'userAccountControl' and the cron-script as well, it might be a
>> better idea to use another user attribute, for example the nowadays
>> obscure 'primaryTelexNumber ' and set it to 'expired=true'. With
>> that the issue is solved, the LDAP query to check for a user that can
>> be allowed to login would be:
>>
>> '(&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(primaryTelexNumber=*expired=...
2023 Oct 29
1
Fwd: query account expired state
...pose.
> >>
> >> To prevent a potential race condition with Samba updating something
> >> in 'userAccountControl' and the cron-script as well, it might be a
> >> better idea to use another user attribute, for example the nowadays
> >> obscure 'primaryTelexNumber ' and set it to 'expired=true'. With
> >> that the issue is solved, the LDAP query to check for a user that
> >> can be allowed to login would be:
> >>
> >> '(&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(primaryT...
2023 Oct 28
1
query account expired state
On Sat, 28 Oct 2023 13:50:31 +0200
Kees van Vloten via samba <samba at lists.samba.org> wrote:
> >> I consider this a big security omission: if? Samba is the source of
> >> information but not the the authenticator of the user, that
> >> application cannot block expired users !
> > But, Samba when running as an AD DC is the source of information AND
>