2014-02-26 16:03 GMT+01:00 Plumel Louis-Marie <[email protected]>:
> Thank you Clément,
> But I did a bad request, or not as explicit as I would like.
>
> I know that if I want to disable a user in OpenLDAP, I have to put a value
> in pwdAccountLockedTime. (But when I use an ldapbrowser I do not see this
> name pwdAccountLockedTime, but I know it exists.)
> It is an operational attribute, like modifyTimestamp.
>
> My question is how I can test if there is a value or not in
> pwdAccountLockedTime? I'm sorry to ask such a question but I'm not a
> specialist of LDAP.
> When I know how to check this value, I want to disable or not users
> in AD.
>
>

See the password policy draft:
http://tools.ietf.org/id/draft-behera-ldap-password-policy-09.txt

5.3.3 pwdAccountLockedTime

   This attribute holds the time that the user's account was locked. A
   locked account means that the password may no longer be used to
   authenticate. A 000001010000Z value means that the account has been
   locked permanently, and that only a password administrator can unlock
   the account.

      ( 1.3.6.1.4.1.42.2.27.8.1.17
      NAME 'pwdAccountLockedTime'
      DESC 'The time an user account was locked'
      EQUALITY generalizedTimeMatch
      ORDERING generalizedTimeOrderingMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
      SINGLE-VALUE
      NO-USER-MODIFICATION
      USAGE directoryOperation )

Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
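
Added example (not part of the original message, and not LSC code): a JavaScript helper that decides an account's lock state from the pwdAccountLockedTime value described in the draft section quoted above. It goes slightly beyond the quoted text by taking the policy's pwdLockoutDuration into account, which is an assumption supplied by the caller; the function names and sample values are constructed for illustration.

```javascript
// Added example, not from the original message. pwdAccountLockedTime is an
// operational attribute: the search must request it by name (or "+"),
// otherwise it is missing from the result even when it is set.
const PERMANENT = "000001010000Z"; // permanent lock, per the quoted draft text

// Parse the generalizedTime forms seen for this attribute: YYYYMMDDHHMM[SS][.f]Z
function parseGeneralizedTime(value) {
  const m = /^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})?(?:[.,]\d+)?Z$/.exec(value);
  if (!m) throw new Error("unsupported generalizedTime: " + value);
  const [y, mo, d, h, mi, s] = m.slice(1).map((x) => Number(x || 0));
  return new Date(Date.UTC(y, mo - 1, d, h, mi, s));
}

// values: attribute values read from the entry (empty or undefined if absent).
// lockoutSeconds: pwdLockoutDuration of the applicable policy (assumption: the
//   caller looked it up; 0 means locked until an administrator resets it).
function lockState(values, lockoutSeconds = 0, now = new Date()) {
  if (!values || values.length === 0) return { locked: false, reason: "not-set" };
  const v = String(values[0]).trim(); // SINGLE-VALUE attribute
  if (v === PERMANENT) return { locked: true, reason: "permanent" };
  const lockedAt = parseGeneralizedTime(v);
  if (lockoutSeconds > 0) {
    const until = new Date(lockedAt.getTime() + lockoutSeconds * 1000);
    if (now >= until) return { locked: false, reason: "expired", lockedAt };
    return { locked: true, reason: "temporary", lockedAt, until };
  }
  return { locked: true, reason: "until-reset", lockedAt };
}

// Constructed sample values, shaped as an LDAP client would return them.
const samples = { alice: [], bob: ["000001010000Z"], carol: ["20140226150300Z"] };
const checkedAt = new Date("2014-02-26T15:10:00Z"); // constructed "now"
for (const [uid, vals] of Object.entries(samples)) {
  const state = lockState(vals, 900, checkedAt);
  console.log(uid, state.locked ? "locked" : "active", "(" + state.reason + ")");
}
```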

