On 15/04/16 13:31, Harald Dunkel wrote:
I have no luck with the ipa cli, so I wonder if it is
possible to ldapsearch for disabled or enabled users?
A command line like
ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=com uid=somebody
doesn't show :-(.
Every helpful hint is highly welcome
the attribute you're looking for is 'nsaccountlock'. This command should
give you uids of all disabled users:
$ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=test
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project