Hi,
Quick question. How is it possible to check the account lock status? I've configured the ppolicy according to the guide, the lock is working, the account is locked. And now how can I find out which accounts are currently locked out?
On Mon, Jan 25, 2010 at 10:51 PM, Radosław Antoniuk radek.antoniuk@gmail.com wrote:
Hi,
Quick question. How is it possible to check the account lock status? I've configured the ppolicy according to the guide, the lock is working, the account is locked. And now how can I find out which accounts are currently locked out?
Ok, found it, one has to do a search with the filter '(pwdAccountLockedTime=*)'. The interesting thing is that the query returns proper objects (the locked ones) but it does not list the pwdAccountLockedTime attribute. Does anybody know why?
Thanks,
Radek
Radosław Antoniuk radek.antoniuk@gmail.com writes:
On Mon, Jan 25, 2010 at 10:51 PM, Radosław Antoniuk radek.antoniuk@gmail.com wrote:
Hi,
Quick question. How is it possible to check the account lock status? I've configured the ppolicy according to the guide, the lock is working, the account is locked. And now how can I find out which accounts are currently locked out?
Ok, found it, one has to do a search with the filter '(pwdAccountLockedTime=*)'. The interesting thing is that the query returns proper objects (the locked ones) but it does not list the pwdAccountLockedTime attribute. Does anybody know why?
pwdAccountLockedTime is an operational attribute type, see man slapo-ppolicy(5).
-Dieter
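
An added example, not part of the original thread: operational attributes are returned only when the search names them (or asks for '+'). The filter also matches every entry that still carries pwdAccountLockedTime, so the sketch below compares each timestamp with the policy's pwdLockoutDuration. The base DN, the entries, the 3600-second duration and the function names are constructed for illustration.

```python
# Added example; DNs, timestamps and the lockout duration are constructed.
# Input is LDIF as printed by a search that names the operational attribute:
#   ldapsearch -x -LLL -b "dc=example,dc=com" \
#       '(pwdAccountLockedTime=*)' pwdAccountLockedTime
# ('+' in place of the attribute name returns all operational attributes).
# Assumes plain, unfolded LDIF lines (no base64 "dn::" values).
from datetime import datetime, timedelta, timezone

PERMANENT = "000001010000Z"  # ppolicy marker: locked until an admin unlocks

SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
pwdAccountLockedTime: 20100125215100Z

dn: uid=bob,ou=people,dc=example,dc=com
pwdAccountLockedTime: 20100125120000Z

dn: uid=carol,ou=people,dc=example,dc=com
pwdAccountLockedTime: 000001010000Z
"""

def parse_entries(ldif):
    """Yield (dn, locked_time_string) for each blank-line separated entry."""
    for block in ldif.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if "dn" in attrs and "pwdAccountLockedTime" in attrs:
            yield attrs["dn"], attrs["pwdAccountLockedTime"]

def lock_state(locked_time, lockout_duration, now):
    """Return 'permanent', 'locked' or 'expired' for one account."""
    if locked_time == PERMANENT:
        return "permanent"
    # Generalized time in UTC; fractional seconds, if present, are dropped.
    stamp = locked_time.rstrip("Z").split(".")[0]
    locked_at = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    if lockout_duration == 0:  # 0 (or unset) means no automatic unlock
        return "locked"
    expires = locked_at + timedelta(seconds=lockout_duration)
    return "locked" if now < expires else "expired"

def report(ldif, lockout_duration, now):
    """Map each DN in the LDIF to its lock state at time `now`."""
    return {dn: lock_state(t, lockout_duration, now) for dn, t in parse_entries(ldif)}

if __name__ == "__main__":
    now = datetime(2010, 1, 25, 22, 0, 0, tzinfo=timezone.utc)  # fixed for the sample
    for dn, state in report(SAMPLE_LDIF, 3600, now).items():
        print(f"{state:9} {dn}")
```
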
Radosław Antoniuk wrote:
Hi,
Quick question. How is it possible to check the account lock status? I've configured the ppolicy according to the guide, the lock is working, the account is locked. And now how can I find out which accounts are currently locked out?
Evening,
it's really hard to tell since you haven't decided to share the link to how-to. So, let's guess - how about to select these accounts which have shadowLastChange+shadowExpire < now(). Please, insert appropriate values (% man 5 shadow; suggests days since Jan 1st 1970, but I don't know).
I hope it helps a bit. However, it might be just a wild guess, as- :)
Regards, Zdenek
Zdenek Styblik wrote:
Radosław Antoniuk wrote:
Hi,
Quick question. How is it possible to check the account lock status? I've configured the ppolicy according to the guide, the lock is working, the account is locked. And now how can I find out which accounts are currently locked out?
Evening,
it's really hard to tell since you haven't decided to share the link to how-to. So, let's guess - how about to select these accounts which have shadowLastChange+shadowExpire < now(). Please, insert appropriate values (% man 5 shadow; suggests days since Jan 1st 1970, but I don't know).
I hope it helps a bit. However, it might be just a wild guess, as- :)
Regards, Zdenek
Ignore that :)
openldap-technical@openldap.org