On 04/09/2014 03:15 PM, Massimiliano Perrone (tirasa.net) wrote:
> On 04/09/2014 02:40 PM, Martin Kosek wrote:
>> On 04/09/2014 02:37 PM, Massimiliano Perrone (tirasa.net) wrote:
>>> On 04/09/2014 02:01 PM, Martin Kosek wrote:
>>>> On 04/09/2014 01:30 PM, Massimiliano Perrone (tirasa.net) wrote:
>>>>> Hi guys,
>>>>> is there any way to check the user status on ldap server?
>>>>>
>>>>> Thanks and regards,
>>>>>
>>>>> Massi
>>>>>
>>>> Hello,
>>>>
>>>> It depends what you mean by status. We have a command to get a lock/auth
>>>> status of a user with user-status command:
>>>>
>>>> # ipa user-status fbar
>>>> -----------------------
>>>> Account disabled: False
>>>> -----------------------
>>>>   Server: ipa.example.com
>>>>   Failed logins: 0
>>>>   Last successful authentication: 2014-04-09T12:00:39Z
>>>>   Last failed authentication: N/A
>>>>   Time now: 2014-04-09T12:00:42Z
>>>> ----------------------------
>>>> Number of entries returned 1
>>>> ----------------------------
>>>>
>>>> Martin
>>> Hi Martin,
>>> thanks for your quick reply and I'm sorry to have been unclear.
>>>
>>> For user status I mean only the value of "Account disabled" label pasted
>>> above.
>>> And if that value is also saved on as ldap server attribute.
>>>
>>> Massi
>>>
>> You can either see nsaccountlock attribute in user entry in LDAP or a return
>> value from FreeIPA API:
>>
>> # ipa user-disable fbar
>> ----------------------------
>> Disabled user account "fbar"
>> ----------------------------
>> # ipa user-show fbar
>> ...
>>   Account disabled: True
>> ...
>>
>> Martin
>
> Perfect Martin.
>
> From ldap point of view: a user is enabled when nsaccountlock is FALSE or is
> not present, whereas a user is disabled when nsaccountlock attribute is set to
> TRUE.
>
> Thanks,
> Massi
>

Exactly. Note that nsaccountlock is an LDAP operational attribute and you will
need to explicitly specify it in your LDAP search to retrieve it.

Martin
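
Added example, not part of the original thread and not FreeIPA code: a small parser that applies the rule agreed above (nsaccountlock TRUE means disabled, FALSE or absent means enabled) to the LDIF returned by a search that names nsaccountlock explicitly. The function names, the dc=example,dc=com suffix, the bind options and the sample entries are assumptions made for illustration.

```python
import base64

# The search has to name nsaccountlock explicitly, e.g. (assumed suffix and bind options):
#   ldapsearch -LLL -x -H ldap://ipa.example.com \
#     -b cn=users,cn=accounts,dc=example,dc=com "(uid=*)" uid nsaccountlock
# Constructed sample of the LDIF such a search could return.
SAMPLE_LDIF = """\
dn: uid=fbar,cn=users,cn=accounts,dc=example,dc=com
uid: fbar
nsaccountlock: TRUE

dn: uid=jdoe,cn=users,cn=accounts,dc=example,dc=com
uid: jdoe

dn: uid=asmith,cn=users,cn=accounts,dc=example,dc=com
uid: asmith
nsaccountlock:: RkFMU0U=
"""


def parse_ldif(text):
    """Parse `ldapsearch -LLL` output into a list of {attribute: [values]} dicts."""
    entries, current = [], {}
    # A line that starts with one space continues the previous line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for line in unfolded.split("\n"):
        if not line.strip():                  # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):              # LDIF comment
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(name.lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def account_disabled(entry):
    """Disabled only when nsaccountlock is present and TRUE (any letter case)."""
    return any(v.upper() == "TRUE" for v in entry.get("nsaccountlock", []))


def status_by_uid(ldif_text):
    """Map each uid to "disabled" or "enabled"."""
    return {e["uid"][0]: "disabled" if account_disabled(e) else "enabled"
            for e in parse_ldif(ldif_text)}
```

Because an absent nsaccountlock reads as enabled, a search that did not request the attribute reports every account as enabled, so results from such a query should be treated as unknown rather than as proof that an account is active.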
