
Is there a way to set up OpenLDAP on a Linux (Redhat/CentOS) system so that when a user is removed from the LDAP server or he/she is removed from the "login is authorized" group, all his/her open terminal sessions are immediately (or quickly) closed?

The sequence I'm looking for is:

  1. user1 is logged in via PAM/LDAP with a bash session
  2. another user with LDAP-admin-rights removes the user from the LDAP database (or removes the user from the group that can log in to this system)
  3. what I would like: the bash session is stopped

I couldn't find any option to do that, except limiting the duration of sessions and waiting for the end of the session.

1 Answer


That's not something that LDAP can and should do. To do this automatically, the system would need to constantly scan the LDAP directory to check if the user is still valid and that's just not a good approach.

Just write a short script that deactivates/deletes the users and kills all (bash?) processes on the relevant systems.

Sven
  • Active Directory doesn't do this either, but it does have the hooks needed to write plug-ins that can do it. – Joel Coel Jan 08 '16 at 15:37
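One way to build the script the answer suggests, as an added example that is not from the question, the answer or any OpenLDAP tooling: it runs on each relevant host, reads the current members of the "login is authorized" group from the directory, compares them with the users who have open sessions, and ends the sessions of anyone no longer authorized. The group DN `cn=loginusers,ou=groups,dc=example,dc=com`, a posixGroup listing members as `memberUid`, an `ldap.conf` that already points at the server, and a systemd host (for `loginctl`) are assumptions.

```shell
#!/bin/sh
# Added example, not from the question or answer: on each relevant host, end the
# sessions of users who are no longer in the LDAP "login is authorized" group.
# Assumed: GROUP_DN is a posixGroup with memberUid entries, ldap.conf names the
# server, and systemd's loginctl is present (pkill alone is used otherwise).
set -eu
GROUP_DN="cn=loginusers,ou=groups,dc=example,dc=com"   # assumed group DN
LOCAL_EXEMPT="root"   # local (non-LDAP) accounts that must never be terminated

# Print the users in $2 (one per line) that do not appear in $1 (one per line).
revoked_users() {
    local allowed u
    # Pad with spaces so case(1) can do a whole-word match ("bob" != "bobby").
    allowed=" $(printf '%s' "$1" | tr '\n' ' ') "
    printf '%s\n' "$2" | while IFS= read -r u; do
        [ -n "$u" ] || continue
        case "$allowed" in *" $u "*) ;; *) printf '%s\n' "$u" ;; esac
    done
}
# Current members of the authorized group, read straight from the directory.
allowed_from_ldap() {
    ldapsearch -LLL -x -s base -b "$GROUP_DN" memberUid |
        awk '$1 == "memberUid:" { print $2 }'
}
# Users with at least one open session on this host, deduplicated.
active_users() {
    who | awk '{ print $1 }' | sort -u
}
# End every session and process of one user, skipping exempt local accounts.
terminate_user() {
    local user="$1"
    case " $LOCAL_EXEMPT " in *" $user "*) return 0 ;; esac
    logger -t ldap-revoke "terminating sessions of revoked user $user"
    loginctl terminate-user "$user" 2>/dev/null || true   # closes logind sessions
    pkill -TERM -u "$user" || true                        # ask the rest to exit
    sleep 2
    pkill -KILL -u "$user" || true                        # force whatever ignored TERM
}
# --dry-run lists who would be cut off; --apply actually terminates them.
main() {
    local mode="$1" u
    revoked_users "$(allowed_from_ldap)" "$(active_users)" | while IFS= read -r u; do
        if [ "$mode" = "--apply" ]; then terminate_user "$u"; else echo "would terminate: $u"; fi
    done
}
if [ "${1:-}" = "--apply" ] || [ "${1:-}" = "--dry-run" ]; then main "$1"; fi
```

Run it from cron every minute, or have the LDAP admin's deprovisioning script trigger it on each host right after the directory change, so the gap between removal and session termination stays short.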