[Freeipa-users] howto ldapsearch for disabled/enabled users?
David Kupka
dkupka at redhat.com
Fri Apr 15 13:11:55 UTC 2016
On 15/04/16 13:31, Harald Dunkel wrote:
> Hi folks,
>
> I have no luck with the ipa cli, so I wonder if it is
> possible to ldapsearch for disabled or enabled users?
> A command line like
>
> ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=com uid=somebody
>
> doesn't show :-(.
>
>
> Every helpful hint is highly welcome
> Harri
>
Hello Harri,
the attribute you're looking for is 'nsaccountlock'. This command should
give you uids of all disabled users:
$ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=test
"(nsaccountlock=TRUE)" uid
--
David Kupka
More information about the Freeipa-users
mailing list