(2013/02/08 13:47), Todor Petkov wrote:
Hello all,
I followed this guide
https://www.centos.org/docs/5/html/CDS/ag/8.0/User_Account_Management-Managing_the_Password_Policy.html#Managing_the_Password_Policy-Configuring_the_Account_Lockout_Policy
to implement password lock policy. The user is locked, the
automatic unlock is also fine.
How can I check if the user is locked, is there any way to see it
using the 389-console or ldapsearch or phpldapadmin for example? I
checked and can not find any. I would like to be able to know that
the user can not log because he is locked and unlock it. I found
out that reseting the password works as unlocking, but is there
another way?
Thanks,
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
How about searching entries and get each accountUnlockTime and
retryCountResetTime?
$ ldapsearch -LLLx -h localhost -p 389 -D 'cn=directory
manager' -w password -b "ou=people,dc=example,dc=com"
accountUnlockTime retryCountResetTime
dn: ou=People,dc=example,dc=com
dn: uid=tuser0,ou=People,dc=example,dc=com
accountUnlockTime: 20130208224324Z
retryCountResetTime: 20130208224120Z
dn: uid=tuser1,ou=People,dc=example,dc=com
accountUnlockTime: 19700101000000Z
retryCountResetTime: 20130208224513Z
retryCountResetTime shows when the entry was locked.
The account uid=tuser0 was locked until 20130208224324Z (2012/02/08:22:43:24Z
== 2012/02/08:14:43:24PST). But now it's unlocked.
The account uid=tuser1 is locked forever since it never reaches
acountUnlockTime: 19700101000000Z.
Thanks,
--noriko
|
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users