how to check user lock status

To: <openldap-technical@openldap.org>

Subject: how to check user lock status

From: "rockwang" <studyfordo@163.com>

Date: Thu, 16 Apr 2015 12:38:29 +0800

Content-language: zh-cn

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=gF5mS 04A5qJ1v4i/CpNFXMylFxZSyxl3Wchy73AThTk=; b=aty5LO5qti2ea3dMcn1q0 /nzV8MI+SH2WxsvcfbBQ91i9oAXYKFHuURnY+qBzeW4TwzmuOOUfIsePVqI00xzN R9vtso74x+X5HPWycgsc38chSdI4TCETrAoBlUXus81yqH1Bw5HBgaR6Ry2kaXqI WAzDEVNZL/WCg5HoREJ2Zg=

Thread-index: AdB37fqwlt7oaTv7RWa+4EtDv0YTpA==

Hi, all

I set policy for user as following

# default, policies, abc.com

dn: cn=default,ou=policies,dc=abc,dc=com

objectClass: top

objectClass: device

objectClass: pwdPolicy

cn: default

pwdAttribute: userPassword

pwdMaxAge: 7776002

pwdExpireWarning: 432000

pwdInHistory: 3

pwdCheckQuality: 1

pwdMinLength: 8

pwdMaxFailure: 5

pwdLockout: TRUE

pwdLockoutDuration: 900

pwdGraceAuthNLimit: 0

pwdFailureCountInterval: 0

pwdMustChange: TRUE

pwdAllowUserChange: TRUE

pwdSafeModify: FALSE

my question is how to check user lock status. Another question is pwdMustChange doesn’t work in linux client when user first login.

Rock.wang

Follow-Ups:

Re: how to check user lock status
- From: Dario Zanzico <dario@dariozanzico.com>
Re: how to check user lock status
- From: Abdelhamid MEDDEB <abdelhamid@meddeb.net>