[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: how to check user lock status
2015-04-19 11:09 GMT+02:00 Dario Zanzico <dario@dariozanzico.com>:
> On Thu, Apr 16, 2015, at 06:38 AM, rockwang wrote:
>> Hi, all
>>
>> I set policy for user as following
>> # default, policies, abc.com
>> dn: cn=default,ou=policies,dc=abc,dc=com
>> objectClass: top
>> objectClass: device
>> objectClass: pwdPolicy
>> cn: default
>> pwdAttribute: userPassword
>> pwdMaxAge: 7776002
>> pwdExpireWarning: 432000
>> pwdInHistory: 3
>> pwdCheckQuality: 1
>> pwdMinLength: 8
>> pwdMaxFailure: 5
>> pwdLockout: TRUE
>> pwdLockoutDuration: 900
>> pwdGraceAuthNLimit: 0
>> pwdFailureCountInterval: 0
>> pwdMustChange: TRUE
>> pwdAllowUserChange: TRUE
>> pwdSafeModify: FALSE
>>
>> my question is how to check user lock status.
>
> with this policy an entry will have its password expired (will be denied
> BIND with a invalid credential message) when
> #
> account.pwdLastChange + policy.pwdMaxAge > $currentTimestamp
> #
>
This is about password expiration, not password lock status. To check
lock, read pwdAccountLockedTime attribute. If it is present, the
password is locked.
Clément.