Unless I'm interpreting the man pages, and documentation wrong there seems to be some issues with the dsidm utility. Perhaps I'm doing something wrong?
This works.
dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b dc=mydomain,dc=com account get-by-dn uid=mstarlingt,ou=People,dc=mydomain,dc=com dn: uid=mstarlingt,ou=People,dc=mydomain,dc=com cn: Mike Starling gecos: Mike Starling test account gidNumber: 100 givenName: Mike homeDirectory: /home/mstarlingt loginShell: /bin/ksh mail: mstarling@mydomain.com objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount shadowExpire: 99999 shadowLastChange: 18857 shadowMax: 33 shadowWarning: 1 sn: Starling uid: mstarlingt uidNumber: 25574
#Password reset works
dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b dc=mydomain,dc=com account reset_password "uid=mstarlingt,ou=People,dc=mydomain,dc=com" Enter new password for uid=mstarlingt,ou=People,dc=mydomain,dc=com : CONFIRM - Enter new password for uid=mstarlingt,ou=People,dc=mydomain,dc=com : reset password for uid=mstarlingt,ou=People,dc=mydomain,dc=com
#Unable to lock the account.
dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b dc=mydomain,dc=com account lock uid=mstarlingt Error: No such object
I consult the help which says to specify the dn
dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b dc=mydomain,dc=com account lock -h usage: dsidm instance account lock [-h] [dn]
positional arguments: dn The dn to lock
optional arguments: -h, --help show this help message and exit
dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b dc=mydomain,dc=com account lock uid=mstarlingt,ou=People,dc=mydomain,dc=com Error: search_ext() argument 1 must be str, not None
dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b dc=mydomain,dc=com account lock "uid=mstarlingt,ou=People,dc=mydomain,dc=com" Error: search_ext() argument 1 must be str, not None
dsidm -W -D cn=manager -Z ldaps://labdsa101.athenahealth.com -b dc=mydomain,dc=com account lock "uid=mstarlingt"
I tried changing the base to the People OU where the account lives
dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b ou=People,dc=mydomain,dc=com account lock "uid=mstarlingt,ou=People,dc=mydomain,dc=com" Error: search_ext() argument 1 must be str, not None
dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b dc=mydomain,dc=com user get Enter uid to retrieve : mstarlingt Error: No object exists given the filter criteria mstarlingt
dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b dc=mydomain,dc=com user get Enter uid to retrieve : uid=mstarlingt,ou=People,dc=mydomain,dc=com Error: No object exists given the filter criteria uid=mstarlingt,ou=People,dc=mydomain,dc=com
dsidm -W -D cn=manager -Z ldaps://labdsa101.mydomain.com -b dc=mydomain,dc=com user get Enter uid to retrieve : uid=mstarlingt Error: No object exists given the filter criteria uid=mstarlingt
389-users@lists.fedoraproject.org