On Fri, 2012-12-21 at 11:33 -0500, Qing Chang wrote:
> I hope google did not skip me when searching for an answer.
> I'd like to disable inactive accounts migrated from OpneLDAP, so far
> I can only do it per web UI. Because I have hundreds of accounts to
> disable, I really appreciate if someone can provide a command line
> for me.

ipa user-disable shassan

> I actually tried to figure out what attribute corresponds to "disabled"
> but could not see it in ldapsearch output, for example:
> ldapsearch -LL -x -D 'cn=Directory Manager' -W -b 'dc=sri,dc=utoronto,dc=ca' 
> '(uid=shassan)'

You have to explicitly request the 'nsAccountLock' attribute.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to