On 15/04/16 13:31, Harald Dunkel wrote:
Hi folks,

I have no luck with the ipa cli, so I wonder if it is
possible to ldapsearch for disabled or enabled users?
A command line like

ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=com uid=somebody

doesn't show :-(.

Every helpful hint is highly welcome

Hello Harri,

the attribute you're looking for is 'nsaccountlock'. This command should give you uids of all disabled users:

$ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=test "(nsaccountlock=TRUE)" uid

David Kupka

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to