On 15/04/16 13:31, Harald Dunkel wrote:
Hi folks,
I have no luck with the ipa cli, so I wonder if it is
possible to ldapsearch for disabled or enabled users?
A command line like
ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=com uid=somebody
doesn't show :-(.
Every helpful hint is highly welcome
Harri
Hello Harri,
the attribute you're looking for is 'nsaccountlock'. This command should
give you uids of all disabled users:
$ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=test
"(nsaccountlock=TRUE)" uid
--
David Kupka
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
