OpenLdap How to disable/enable/remove user account

Question

I'm newbie to OpenLDAP. I have done a bit of research on the above topic and so far couldn't find a satisfactory answer. I would appreciate if anyone can show me how to enable/disable/remove a user account in OpenLDAP.

Answer 1

admin changing user's password is not a good idea. it has several side effects:

• it will cause a login failure.
• it's not easy to re-enable user

I like the solution to add a ACL of userPassword attribute, see the solution here: acl control userPassword it's clean and effective.