To terminate all of a user’s processes:

After disabling the user account, you need to kill all of the user’s active processes that are currently running on the directory server.

Warning: Unconditionally killing all of a user’s processes will cause the user to lose any unsaved data.

1Make all processes clean up and exit by entering the following command, replacing ajohnson with the user name:

$ sudo killall -TERM -u ajohnson

2Wait a few seconds to allow the previous command to execute. To terminate all user processes unconditionally, enter the following command, replacing ajohnson with the user name:

$ sudo killall -9 -u ajohnson

Refer to the killall man page for more information about terminating processes.

To reenable a user account that is disabled:

1Start the dscl tool in interactive mode, specifying the computer you are using as the source of directory service data:

$ dscl localhost

>

2Change the current folder to /LDAPv3/ipaddress/Users by entering the path at the prompt:

> cd /LDAPv3/ipaddress/Users

Replace ipaddress with the IP address of your directory server. If using a NetInfo directory domain, enter cd /NetInfo/root/Users at the prompt.

3Authenticate as an administrator by entering the following command, replacing adminusername with your administrator user name, and entering your administrator password when prompted:

> auth adminusername

4Quit dscl by entering:

> quit

5Enable the user account by entering the following command. Replace ajohnson with the short name of the user account and replace diradmin with the short name of your domain administrator account.

$ pwpolicy -a diradmin -u ajohnson -setpolicy “isDisabled=0”

Chapter 8 Working with Users and Groups

105

Page 105
Image 105
Apple Mac OS X Server manual To terminate all of a user’s processes, To reenable a user account that is disabled