Administration of LDAP accounts, including database and e-mail services, and LDAP group assignments
Maintainer
Information Technology
Source
Information Technology
Affects
Student database access, UNIX accounts, other services authenticated via LDAP
Affected By
Values
Requirements
When submitting records, an account with enabled services must have a password defined. The form will require that you provide a password if one has not previously been specified.
When creating new accounts, the login is verfiied to not exist on another account or (if IMAP support is enabled) not be associated with an active IMAP account (one with any messages present). If you delete an account you will be forced to wait until the IMAP account is deleted before the login may be re-used.
Operation
This form is one of many that manage LDAP account data, but only this form allows changes to LDAP services with any access level. Access to this form should be restricted to a minimal number of users.
Access to individual LDAP Services is available only when a service is specified for an account and it is enabled. Forms that manage access to specific services (e.g. e-mail or database) will typically disable a service but leave the service record in place.
LDAP Groups (defined on the UNIX Groups form) are active when they are specified and enabled. Some groups are automatically added to accounts based on information contained elsewhere in the database (this occurs whenever the LDAP->sync() method is called); those LDAP Groups are marked as "internal." The deletion of an "internal" group that has been automatically added may be reversed the next time automatic group memberships are checked. Disabling the group is preferred; the group status is not affected by the automatic group creation process.