Chris Whittle wrote:
I am working on my Mac setups and am wanting to ping the server every so
often and check to see if their user is enabled or disabled.  If
disabled then I will show them the login screen, log them out or
something else.  What I need is how to check to see if they are enabled
or not through bash.  Anyone done something similar?

It depends on the tools you have. Probably the most common tool would be ldapsearch. It also depends on your configuration. I'm not very familiar with configuring macOS, so here is my best shot.

Assuming you have a host keytab, you can do something like:

$ kinit host/fqdn.example.com -kt /etc/krb5.keytab
$ ldapsearch -LLL -Y GSSAPI -b uid=someuser,cn=users,cn=accounts,dc=example,dc=com nsaccountlock

If the value of nsaccountlock is TRUE then the account is disabled. Note that this is an operational attribute so you need to request it specifically. The possible values are:
 - nothing, the attribute hasn't been set yet
 - FALSE, the user is enabled
 - TRUE, the user is disabled

You can replace -Y GSSAPI with -x to do an anonymous search.

rob
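
An added example, not part of the original thread: a shell wrapper around the ldapsearch call from the reply that maps the three nsaccountlock states to a result and keeps a failed lookup separate from "enabled". USER_BASE, the function names and the sample LDIF are assumptions constructed for illustration; a valid ticket from kinit is assumed before check_user is called.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). USER_BASE and the function names are
# assumptions; the DN layout and the attribute follow the reply above.
USER_BASE="${USER_BASE:-cn=users,cn=accounts,dc=example,dc=com}"

# lock_state: read `ldapsearch -LLL` output on stdin and print one of
#   disabled  nsaccountlock is TRUE
#   enabled   entry returned, nsaccountlock FALSE or never set
#   notfound  no entry came back (nothing readable at that DN)
lock_state() {
    awk '
        /^dn:/ { seen = 1 }
        tolower($1) == "nsaccountlock:" { val = toupper($2) }
        END {
            if (!seen)              print "notfound"
            else if (val == "TRUE") print "disabled"
            else                    print "enabled"
        }'
}

# check_user UID: run the search from the reply and classify the result.
# A failed search (no ticket, server down, no such DN) prints "error" and
# returns 2, so an outage is never reported as "enabled".
check_user() {
    case $1 in
        # Reject anything that could alter the DN (commas, equals, spaces).
        ''|*[!A-Za-z0-9._-]*) echo "error"; return 2 ;;
    esac
    ldif=$(ldapsearch -LLL -Q -Y GSSAPI -s base \
               -b "uid=$1,$USER_BASE" nsaccountlock 2>/dev/null) \
        || { echo "error"; return 2; }
    printf '%s\n' "$ldif" | lock_state
}

# Constructed sample outputs for the three attribute states.
SAMPLE_DN="dn: uid=someuser,$USER_BASE"
SAMPLE_UNSET="$SAMPLE_DN"
SAMPLE_FALSE="$SAMPLE_DN
nsaccountlock: FALSE"
SAMPLE_TRUE="$SAMPLE_DN
nsAccountLock: TRUE"
```

Source the file and call `check_user someuser` from the periodic job; act on "disabled" only, and decide separately what "error" and "notfound" should do on a laptop that is offline.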

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users