On 04/09/2014 02:40 PM, Martin Kosek wrote:
On 04/09/2014 02:37 PM, Massimiliano Perrone (tirasa.net) wrote:
On 04/09/2014 02:01 PM, Martin Kosek wrote:
On 04/09/2014 01:30 PM, Massimiliano Perrone (tirasa.net) wrote:
Hi guys,
is there any way to check the user status on ldap server?

Thanks and regards,



It depends what you mean by status. We have a command to get a lock/auth status
of a user with user-status command:

# ipa user-status fbar
Account disabled: False
    Server: ipa.example.com
    Failed logins: 0
    Last successful authentication: 2014-04-09T12:00:39Z
    Last failed authentication: N/A
    Time now: 2014-04-09T12:00:42Z
Number of entries returned 1

Hi Martin,
thanks for your quick reply and I'm sorry to have been unclear.

For user status I mean only the value of "Account disabled" label pasted above.
And if that value is also saved on as ldap server attribute.


You can either see nsaccountlock attribute in user entry in LDAP or a return
value from FreeIPA API:

# ipa user-disable fbar
Disabled user account "fbar"
# ipa user-show fbar
   Account disabled: True


Perfect Martin.

From ldap point of view: a user is enabled when nsaccountlock is FALSE or is not present, whereas a user is disabled when nsaccountlock attribute is set to TRUE.


Massimiliano Perrone
Tel +39 393 9121310

Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173

Apache Syncope PMC Member

"L'apprendere molte cose non insegna l'intelligenza"

Freeipa-devel mailing list

Reply via email to