1. Do an LDAP query on the user and check for an attribute called "nsAccountLock". If it is TRUE, then the account is disabled. If it is FALSE or not defined, then the account is enabled.
2. On a box with the IPA CLI tools installed, run the following command, "ipa user-status username". However, if you have several replicated IPA servers, you will see the status of the account on each IPA server along with the account status.
I hope this helps.
From: Chris Whittle
Sent: May 12, 2014 10:31 AM
Subject: [Freeipa-users] Bash script to see if user is enabled or disabled?
I am working on my mac setups and am wanting to ping the server every so often and check to see if their user is enabled or disabled. If Disabled then I will show them the login screen, log them out or something else.. What I need is how to check to see if they are enabled or not through bash... Anyone done sometime similar?
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users