On Fri, 2012-12-21 at 11:33 -0500, Qing Chang wrote: > I hope google did not skip me when searching for an answer. > > I'd like to disable inactive accounts migrated from OpneLDAP, so far > I can only do it per web UI. Because I have hundreds of accounts to > disable, I really appreciate if someone can provide a command line > for me.
ipa user-disable shassan > I actually tried to figure out what attribute corresponds to "disabled" > but could not see it in ldapsearch output, for example: > > ldapsearch -LL -x -D 'cn=Directory Manager' -W -b 'dc=sri,dc=utoronto,dc=ca' > '(uid=shassan)' You have to explicitly request the 'nsAccountLock' attribute. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users