On 09/02/2013 01:02 AM, Noriko Hosoi wrote:
How about searching entries and get each accountUnlockTime and
retryCountResetTime?
$ ldapsearch -LLLx -h localhost -p 389 -D 'cn=directory manager' -w
password -b "ou=people,dc=example,dc=com" accountUnlockTime
retryCountResetTime
dn: ou=People,dc=example,dc=com
dn: uid=tuser0,ou=People,dc=example,dc=com
accountUnlockTime: 20130208224324Z
retryCountResetTime: 20130208224120Z
dn: uid=tuser1,ou=People,dc=example,dc=com
accountUnlockTime: 19700101000000Z
retryCountResetTime: 20130208224513Z
retryCountResetTime shows when the entry was locked.
The account uid=tuser0 was locked until 20130208224324Z
(2012/02/08:22:43:24Z == 2012/02/08:14:43:24PST). But now it's
unlocked.
The account uid=tuser1 is locked forever since it never reaches
acountUnlockTime: 19700101000000Z.
Thanks,
--noriko
Thanks for the reply. I was just doing normal ldapsearch, without these
atrributes.
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
