I think i was not as explicit as i would like. As you know, in openldap when we want to locked a user , the operational attribute "pwdAccountLockedTIme" is create with a value inside. This operational attribute doesn't exist for others users.
I need to check if this operational attribute exist or not. I don't find on the www how to do this. Thank you for your help LMP On 27/02/14 15:08, Plumel Louis-Marie wrote: > Ok i understand how it works, but i don't how to test if this > operational attribute exists or not. > > thanks > > LMP > > > On 26/02/14 16:07, Clément OUDOT wrote: >> >> >> >> 2014-02-26 16:03 GMT+01:00 Plumel Louis-Marie >> <[email protected] <mailto:[email protected]>>: >> >> Thank you Clément, >> But i did an bad request or not as explicit as i would like. >> >> I know that if i want to disable a user in openldap, i had to put >> a value in pwdAccountLockedTime. (But when i use an ldapbrowser i >> do not see this name pwdAccountLockedTime, but i know it exists.) >> >> >> It is an operational attribute, like modifyTimestamp. >> >> >> >> >> My question is how i can test if there is a value or not in >> pwdAccounLockedTime ? I'm sorry to ask such question but i'm not >> a specialist of LDAP. >> When i will know how to check this value, i want to disable or >> not users in AD. >> >> >> >> See the password policy draft : >> http://tools.ietf.org/id/draft-behera-ldap-password-policy-09.txt >> >> 5.3.3 pwdAccountLockedTime >> >> This attribute holds the time that the user's account was locked. A >> locked account means that the password may no longer be used to >> authenticate. A 000001010000Z value means that the account has been >> locked permanently, and that only a password administrator can unlock >> the account. >> >> ( 1.3.6.1.4.1.42.2.27.8.1.17 >> NAME 'pwdAccountLockedTime' >> DESC 'The time an user account was locked' >> EQUALITY generalizedTimeMatch >> ORDERING generalizedTimeOrderingMatch >> SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 >> SINGLE-VALUE >> NO-USER-MODIFICATION >> USAGE directoryOperation ) >> >> >> >> Clément. > > > > _______________________________________________________________ > Ldap Synchronization Connector (LSC) - http://lsc-project.org > > lsc-users mailing list > [email protected] > http://lists.lsc-project.org/listinfo/lsc-users
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
