Thanks everyone... Between what you guys said and some research i ended up doing this http://serverfault.com/questions/594443/how-can-i-force-a-mac-mobile-account-user-to-be-logged-out-or-locked-out-when-th/594773#594773
On Mon, May 12, 2014 at 4:31 PM, Michael ORourke <[email protected]>wrote: > I wrote a script to query IPA for accounts with passwords that are about > to expire (so I can nag them with an email to reset their password), and I > also added logic in my script to ignore accounts that are disabled. So I > needed a way to query my IPA server for this info. I came up with 2 > solutions for checking if the account is disabled. > 1. Do an LDAP query on the user and check for an attribute called > "nsAccountLock". If it is TRUE, then the account is disabled. If it is > FALSE or not defined, then the account is enabled. > 2. On a box with the IPA CLI tools installed, run the following command, > "ipa user-status username". However, if you have several replicated IPA > servers, you will see the status of the account on each IPA server along > with the account status. > > I hope this helps. > > -Mike > > -----Original Message----- > From: Chris Whittle > Sent: May 12, 2014 10:31 AM > To: freeipa-users > Subject: [Freeipa-users] Bash script to see if user is enabled or > disabled? > > I am working on my mac setups and am wanting to ping the server every so > often and check to see if their user is enabled or disabled. If Disabled > then I will show them the login screen, log them out or something else.. > What I need is how to check to see if they are enabled or not through > bash... Anyone done sometime similar? > >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
