[Freeipa-devel] User status

[Massimiliano Perrone (tirasa.net)]

On 04/09/2014 02:40 PM, Martin Kosek wrote:
> On 04/09/2014 02:37 PM, Massimiliano Perrone (tirasa.net) wrote:
>> On 04/09/2014 02:01 PM, Martin Kosek wrote:
>>> On 04/09/2014 01:30 PM, Massimiliano Perrone (tirasa.net) wrote:
>>>> Hi guys,
>>>> is there any way to check the user status on ldap server?
>>>>
>>>> Thanks and regards,
>>>>
>>>> Massi
>>>>
>>> Hello,
>>>
>>> It depends what you mean by status. We have a command to get a lock/auth status
>>> of a user with user-status command:
>>>
>>> # ipa user-status fbar
>>> -----------------------
>>> Account disabled: False
>>> -----------------------
>>>     Server: ipa.example.com
>>>     Failed logins: 0
>>>     Last successful authentication: 2014-04-09T12:00:39Z
>>>     Last failed authentication: N/A
>>>     Time now: 2014-04-09T12:00:42Z
>>> ----------------------------
>>> Number of entries returned 1
>>> ----------------------------
>>>
>>> Martin
>> Hi Martin,
>> thanks for your quick reply and I'm sorry to have been unclear.
>>
>> For user status I mean only the value of "Account disabled" label pasted above.
>> And if that value is also saved on as ldap server attribute.
>>
>> Massi
>>
> You can either see nsaccountlock attribute in user entry in LDAP or a return
> value from FreeIPA API:
>
> # ipa user-disable fbar
> ----------------------------
> Disabled user account "fbar"
> ----------------------------
> # ipa user-show fbar
> ...
>    Account disabled: True
> ...
>
> Martin

Perfect Martin.

 From ldap point of view: a user is enabled when nsaccountlock is FALSE 
or is not present, whereas a user is disabled when nsaccountlock 
attribute is set to TRUE.

Thanks,
Massi

-- 
Massimiliano Perrone
Tel +39 393 9121310

Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member
http://people.apache.org/~massi/

"L'apprendere molte cose non insegna l'intelligenza"
(Eraclito)