[Freeipa-users] howto ldapsearch for disabled/enabled users?
Harald Dunkel
harald.dunkel at aixigo.de
Fri Apr 15 14:06:01 UTC 2016
Hi David,
On 04/15/16 15:11, David Kupka wrote:
>
> Hello Harri,
>
> the attribute you're looking for is 'nsaccountlock'. This command should give you uids of all disabled users:
>
> $ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=test "(nsaccountlock=TRUE)" uid
>
Thats exactly what I was looking for. For the record: Searching for
"nsaccountlock=FALSE" did not work. I had to use
ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=test '(!(nsaccountlock=TRUE))' uid
instead.
Thanx very much for your help
Harri
More information about the Freeipa-users
mailing list