Ok i understand how it works, but i don't how to test if this operational attribute exists or not.
thanks LMP On 26/02/14 16:07, Clément OUDOT wrote: > > > > 2014-02-26 16:03 GMT+01:00 Plumel Louis-Marie > <[email protected] <mailto:[email protected]>>: > > Thank you Clément, > But i did an bad request or not as explicit as i would like. > > I know that if i want to disable a user in openldap, i had to put > a value in pwdAccountLockedTime. (But when i use an ldapbrowser i > do not see this name pwdAccountLockedTime, but i know it exists.) > > > It is an operational attribute, like modifyTimestamp. > > > > > My question is how i can test if there is a value or not in > pwdAccounLockedTime ? I'm sorry to ask such question but i'm not a > specialist of LDAP. > When i will know how to check this value, i want to disable or not > users in AD. > > > > See the password policy draft : > http://tools.ietf.org/id/draft-behera-ldap-password-policy-09.txt > > 5.3.3 pwdAccountLockedTime > > This attribute holds the time that the user's account was locked. A > locked account means that the password may no longer be used to > authenticate. A 000001010000Z value means that the account has been > locked permanently, and that only a password administrator can unlock > the account. > > ( 1.3.6.1.4.1.42.2.27.8.1.17 > NAME 'pwdAccountLockedTime' > DESC 'The time an user account was locked' > EQUALITY generalizedTimeMatch > ORDERING generalizedTimeOrderingMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 > SINGLE-VALUE > NO-USER-MODIFICATION > USAGE directoryOperation ) > > > > Clément.
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
