Thanks everyone... Between what you guys said and some research i ended up
On Mon, May 12, 2014 at 4:31 PM, Michael ORourke <mrorou...@earthlink.net>wrote:
> I wrote a script to query IPA for accounts with passwords that are about
> to expire (so I can nag them with an email to reset their password), and I
> also added logic in my script to ignore accounts that are disabled. So I
> needed a way to query my IPA server for this info. I came up with 2
> solutions for checking if the account is disabled.
> 1. Do an LDAP query on the user and check for an attribute called
> "nsAccountLock". If it is TRUE, then the account is disabled. If it is
> FALSE or not defined, then the account is enabled.
> 2. On a box with the IPA CLI tools installed, run the following command,
> "ipa user-status username". However, if you have several replicated IPA
> servers, you will see the status of the account on each IPA server along
> with the account status.
> I hope this helps.
> -----Original Message-----
> From: Chris Whittle
> Sent: May 12, 2014 10:31 AM
> To: freeipa-users
> Subject: [Freeipa-users] Bash script to see if user is enabled or
> I am working on my mac setups and am wanting to ping the server every so
> often and check to see if their user is enabled or disabled. If Disabled
> then I will show them the login screen, log them out or something else..
> What I need is how to check to see if they are enabled or not through
> bash... Anyone done sometime similar?
Freeipa-users mailing list