On 15/04/16 13:31, Harald Dunkel wrote:
Hi folks,

I have no luck with the ipa cli, so I wonder if it is
possible to ldapsearch for disabled or enabled users?
A command line like

ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=com uid=somebody

doesn't show :-(.


Every helpful hint is highly welcome
Harri


Hello Harri,

the attribute you're looking for is 'nsaccountlock'. This command should give you uids of all disabled users:

$ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=test "(nsaccountlock=TRUE)" uid

--
David Kupka

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to