[Freeipa-users] howto ldapsearch for disabled/enabled users?

Natxo Asenjo natxo.asenjo at gmail.com
Fri Apr 15 13:18:25 UTC 2016


Hi Harald,

On Fri, Apr 15, 2016 at 1:31 PM, Harald Dunkel <harald.dunkel at aixigo.de> wrote:

> Hi folks,
>
> I have no luck with the ipa cli, so I wonder if it is
> possible to ldapsearch for disabled or enabled users?
> A command line like
>
> ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=com uid=somebody
>
> doesn't show :-(.


I just tested using the public demo1.freeipa.org instance and it works
using the 'hidden' nsaccountlock attribute:

$ ldapsearch -LLL -Y GSSAPI -h ipa.demo1.freeipa.org -b cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org "(nsaccountlock=TRUE)" uid
SASL/GSSAPI authentication started
SASL username: helpdesk at DEMO1.FREEIPA.ORG
SASL SSF: 56
SASL data security layer installed.
dn: uid=test,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
uid: test

dn: uid=bladibla,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
uid: bladibla

I found out about the nsaccountlock in
https://www.mail-archive.com/search?l=freeipa-devel@redhat.com&q=subject:%22Re\%3A+\[Freeipa\-devel\]+User+status%22&o=newest&f=1
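Added example, not part of the original post or of FreeIPA: a small POSIX shell helper that covers both halves of the question (disabled and enabled users) and turns the LDIF into a per-user report. The function names, the `(uid=*)` clause and the sample LDIF are assumptions made for illustration; the host and base DN are the demo values used in the reply above.

```shell
#!/bin/sh
# Added example: report the lock state of FreeIPA users via nsaccountlock.
IPA_URI="ldap://ipa.demo1.freeipa.org"   # demo host from the post
USERS_BASE="cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org"

# Build the filter for one state. An enabled account may carry
# nsaccountlock=FALSE or no nsaccountlock value at all, so "enabled"
# negates the TRUE match instead of testing for FALSE.
lock_filter() {
  case "$1" in
    disabled) printf '%s' '(&(uid=*)(nsaccountlock=TRUE))' ;;
    enabled)  printf '%s' '(&(uid=*)(!(nsaccountlock=TRUE)))' ;;
    *) echo "usage: lock_filter enabled|disabled" >&2; return 2 ;;
  esac
}

# Query the directory (needs a Kerberos ticket). nsaccountlock is an
# operational attribute, so it is requested by name; ldif-wrap=no keeps
# every value on a single line for the parser below.
search_users() {
  ldapsearch -LLL -Y GSSAPI -o ldif-wrap=no -H "$IPA_URI" -b "$USERS_BASE" \
    "$(lock_filter "$1")" uid nsaccountlock
}

# Convert LDIF on stdin into "uid<TAB>state" lines, one per entry.
lock_report() {
  awk '
    function emit() {
      if (uid != "") printf "%s\t%s\n", uid, (locked ? "disabled" : "enabled")
      uid = ""; locked = 0
    }
    /^uid: /                                    { uid = substr($0, 6) }
    tolower($0) ~ /^nsaccountlock: true[ \t]*$/ { locked = 1 }
    /^$/                                        { emit() }
    END                                         { emit() }
  '
}

# Constructed sample LDIF (not captured from a real server).
SAMPLE_LDIF='dn: uid=test,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
uid: test
nsaccountlock: TRUE

dn: uid=helpdesk,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
uid: helpdesk

dn: uid=employee,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
uid: employee
nsAccountLock: false'
printf '%s\n' "$SAMPLE_LDIF" | lock_report
```

Against a live server, `search_users disabled | lock_report` gives the same report for real accounts.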