Determining if a user is disabled in OD using LDAP query
Hello all,
I'm doing a LDAP query against my OD to make a web-based user directory. I'm using PHP and doing a LDAP search against 10.6 Server OD such as this:
$sr=ldap_search($ds, "cn=users,dc=my_server,dc=private", "(CN=*)");
The search is working perfectly, and I'm getting an array result with multiple key/values such as:
- objectclass
- uidnumber
- apple-generateduid
- apple-mcxflags
- loginshell
- etc.......
Since it's a listing of active employees, I want to identify deactivated ones and filter them out of my listing. However, I can't see any key/values that could tell me if a user is deactivated or not.
What would be the best way? Must I run a command line to see if a user is disabled, and if so, what command? (However, this would be poor on performance...)
Thanks.