On 04/09/2014 02:40 PM, Martin Kosek wrote:
On 04/09/2014 02:37 PM, Massimiliano Perrone (tirasa.net) wrote:
On 04/09/2014 02:01 PM, Martin Kosek wrote:
On 04/09/2014 01:30 PM, Massimiliano Perrone (tirasa.net) wrote:
Hi guys,
is there any way to check the user status on ldap server?

Thanks and regards,

Massi

Hello,

It depends what you mean by status. We have a command to get a lock/auth status
of a user with user-status command:

# ipa user-status fbar
-----------------------
Account disabled: False
-----------------------
    Server: ipa.example.com
    Failed logins: 0
    Last successful authentication: 2014-04-09T12:00:39Z
    Last failed authentication: N/A
    Time now: 2014-04-09T12:00:42Z
----------------------------
Number of entries returned 1
----------------------------

Martin
Hi Martin,
thanks for your quick reply and I'm sorry to have been unclear.

For user status I mean only the value of "Account disabled" label pasted above.
And if that value is also saved on as ldap server attribute.

Massi

You can either see nsaccountlock attribute in user entry in LDAP or a return
value from FreeIPA API:

# ipa user-disable fbar
----------------------------
Disabled user account "fbar"
----------------------------
# ipa user-show fbar
...
   Account disabled: True
...

Martin

Perfect Martin.

From ldap point of view: a user is enabled when nsaccountlock is FALSE or is not present, whereas a user is disabled when nsaccountlock attribute is set to TRUE.

Thanks,
Massi

--
Massimiliano Perrone
Tel +39 393 9121310

Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member
http://people.apache.org/~massi/

"L'apprendere molte cose non insegna l'intelligenza"
(Eraclito)

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to