Re: Using REST API to get user's locked and reset states

Thu, 01 Jun 2017 15:15:41 -0700 

Welcome Dave,

Can you export that corresponding user entry into ldif and post it here?   
We’ll need to see the operational attributes before trying to figure out where 
the problem is.  

For example, here’s an export I did of test user ‘foo1’.  You can see that I’ve 
put that user’s account into both a locked and reset state (in openldap).

You can also see this user’s password policy is ‘test1’.

dn: uid=foo1,ou=People,dc=example,dc=com
objectClass: extensibleObject
objectClass: ftMods
objectClass: ftProperties
objectClass: ftUserAttrs
objectClass: inetOrgPerson
objectClass: top
cn: foo1
ftId: fdc4a7f3-62f7-47d4-aac4-bac4b7cdb551
sn: fighter
description: foo fighter
displayName: foo1
ftCstr: foo1$0$$$$$$$
ftProps: initAttrArrays:
ou: dev1
uid: foo1
userPassword:: e1NTSEF9UVQ0K21NdE5lYTBwckFRTC96QlQ2akZrK1ZESTIxd3E=
createTimestamp: 20170601212713Z
creatorsName: cn=Manager,dc=example,dc=com
entryCSN: 20170601213012.870902Z#000000#000#000000
entryDN: uid=foo1,ou=People,dc=example,dc=com
entryUUID:: ZDJlMDE3YjItZGI1Yy0xMDM2LThlMzMtNTkzZmZmYzA1ODU4
hasSubordinates: FALSE
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20170601213012Z
pwdAccountLockedTime: 000001010000Z
pwdChangedTime: 20170601212844Z
pwdHistory:: MjAxNzA2MDEyMTI4NDRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfXlSVm5jMjVUUThZN2libnVuVEpUR2VVY1pYeFBCdjFR
pwdPolicySubentry: cn=test1,ou=Policies,dc=example,dc=com
pwdReset: TRUE
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema



thanks
Shawn





> On Jun 1, 2017, at 10:57 AM, David Erie (US) <[email protected]> wrote:
> 
> Hello,
> We're evaluating Fortress with ApacheDS, and I'm trying to get a user's 
> account status (locked and reset, specifically) via the REST API for a user 
> whose account is locked and whose password has been reset.
> 
> What I get back is this:
> 
> <entity xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="user">
> ..
>                <userId>dave</userId>
>                <locked>false</locked>
>                <reset>false</reset>
> ..
> </entity>
> 
> How can I tell that a user's account has been locked or reset when these 
> Boolean properties don't seem to contain the correct information?
> 
> Thank you,
> Dave

Reply via email to