[389-users] How to check if user is locked
Todor Petkov
zakk at online.bg
Fri Feb 8 23:29:40 UTC 2013
On 09/02/2013 01:02 AM, Noriko Hosoi wrote:
> How about searching entries and get each accountUnlockTime and
> retryCountResetTime?
>
>> $ ldapsearch -LLLx -h localhost -p 389 -D 'cn=directory manager' -w
>> password -b "ou=people,dc=example,dc=com" accountUnlockTime
>> retryCountResetTime
>> dn: ou=People,dc=example,dc=com
>>
>> dn: uid=tuser0,ou=People,dc=example,dc=com
>> accountUnlockTime: 20130208224324Z
>> retryCountResetTime: 20130208224120Z
>>
>> dn: uid=tuser1,ou=People,dc=example,dc=com
>> accountUnlockTime: 19700101000000Z
>> retryCountResetTime: 20130208224513Z
> retryCountResetTime shows when the entry was locked.
>
> The account uid=tuser0 was locked until 20130208224324Z
> (2012/02/08:22:43:24Z == 2012/02/08:14:43:24PST). But now it's
> unlocked.
>
> The account uid=tuser1 is locked forever since it never reaches
> acountUnlockTime: 19700101000000Z.
>
> Thanks,
> --noriko
>
>
Thanks for the reply. I was just doing normal ldapsearch, without these
atrributes.
More information about the 389-users
mailing list