[Freeipa-devel] User status

Martin Kosek mkosek at redhat.com
Wed Apr 9 12:40:51 UTC 2014


On 04/09/2014 02:37 PM, Massimiliano Perrone (tirasa.net) wrote:
> On 04/09/2014 02:01 PM, Martin Kosek wrote:
>> On 04/09/2014 01:30 PM, Massimiliano Perrone (tirasa.net) wrote:
>>> Hi guys,
>>> is there any way to check the user status on ldap server?
>>>
>>> Thanks and regards,
>>>
>>> Massi
>>>
>> Hello,
>>
>> It depends what you mean by status. We have a command to get a lock/auth status
>> of a user with user-status command:
>>
>> # ipa user-status fbar
>> -----------------------
>> Account disabled: False
>> -----------------------
>>    Server: ipa.example.com
>>    Failed logins: 0
>>    Last successful authentication: 2014-04-09T12:00:39Z
>>    Last failed authentication: N/A
>>    Time now: 2014-04-09T12:00:42Z
>> ----------------------------
>> Number of entries returned 1
>> ----------------------------
>>
>> Martin
> 
> Hi Martin,
> thanks for your quick reply and I'm sorry to have been unclear.
> 
> For user status I mean only the value of "Account disabled" label pasted above.
> And if that value is also saved on as ldap server attribute.
> 
> Massi
> 

You can either see nsaccountlock attribute in user entry in LDAP or a return
value from FreeIPA API:

# ipa user-disable fbar
----------------------------
Disabled user account "fbar"
----------------------------
# ipa user-show fbar
...
  Account disabled: True
...

Martin




More information about the Freeipa-devel mailing list