On 04/09/2014 02:40 PM, Martin Kosek wrote:
On 04/09/2014 02:37 PM, Massimiliano Perrone (tirasa.net) wrote:
On 04/09/2014 02:01 PM, Martin Kosek wrote:
On 04/09/2014 01:30 PM, Massimiliano Perrone (tirasa.net) wrote:
Hi guys,
is there any way to check the user status on ldap server?
Thanks and regards,
Massi
Hello,
It depends what you mean by status. We have a command to get a lock/auth status
of a user with user-status command:
# ipa user-status fbar
-----------------------
Account disabled: False
-----------------------
Server: ipa.example.com
Failed logins: 0
Last successful authentication: 2014-04-09T12:00:39Z
Last failed authentication: N/A
Time now: 2014-04-09T12:00:42Z
----------------------------
Number of entries returned 1
----------------------------
Martin
Hi Martin,
thanks for your quick reply and I'm sorry to have been unclear.
For user status I mean only the value of "Account disabled" label pasted above.
And if that value is also saved on as ldap server attribute.
Massi
You can either see nsaccountlock attribute in user entry in LDAP or a return
value from FreeIPA API:
# ipa user-disable fbar
----------------------------
Disabled user account "fbar"
----------------------------
# ipa user-show fbar
...
Account disabled: True
...
Martin
Perfect Martin.
From ldap point of view: a user is enabled when nsaccountlock is FALSE
or is not present, whereas a user is disabled when nsaccountlock
attribute is set to TRUE.
Thanks,
Massi
--
Massimiliano Perrone
Tel +39 393 9121310
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~massi/
"L'apprendere molte cose non insegna l'intelligenza"
(Eraclito)
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
