I'm using perl scripts to manage an LDAP directory. I'm wondering what is the best way to disable an ldap account. I'm thinking of changing the shell to /bin/false and randomly setting a password. Since if that use comes back to the company, we just need to change the shell and reset the password. Is this a good idea? Karl