How to fetch ibm-pwdAccountLocked attribute using ldapsearch.
When you perform a normal ldapsearch against a Tivoli Directory Server, you'll probably not see all the attributes, especially the operational attributes.
For my tests, I needed to see the value of ibm-pwdAccountLocked, so here's how I could get it.
In the output further down, you can see that the user under ou=chirag-test1 has this attribute set to true, hence I see it in the ldapsearch output. That is not the case for the user under ou=oslo.
- Enable Password Policy on Tivoli Directory Server. This is pretty straightforward if you have the web console installed.
  - Navigate to "Server Administration" -> "Manage Password Policy".
  - Select the default policy -> Click on Edit.
  - Click on Next -> Enable Password Policy -> Click Next.
  - Click on Finish.
- Now that password policy is enabled, we can search for the attribute. Remember that ibm-pwdAccountLocked is returned ONLY when it is set to true. If it is false, you won't see the attribute in the search output.
So, for example, I have 2 entries uid=Chirag inside o=sample. One has ibm-pwdAccountLocked set to true and the other one false. Hence, when I search like this, I see the corresponding output.
ldapsearch -x -LLL -h 9.9.0.1 -p 1389 -D cn=root -w 'pass123#' -b o=sample 'uid=Chirag*' +ibmpwdpolicy

dn: UID=Chirag Radhakrishnan,OU=users,ou=ad2,ou=oslo,o=sample

dn: UID=Chirag Radhakrishnan,OU=users,ou=chirag-test1,o=sample
ibm-pwdAccountLocked: true
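Because an unlocked account simply has no ibm-pwdAccountLocked line, a lockout audit has to treat absence as "not locked" for each entry. The script below is an added example, not part of the original post: `lock_report` and `sample_ldif` are hypothetical helper names, and the sample LDIF is constructed from the output shown above, with one DN folded the way ldapsearch wraps long lines.

```shell
#!/bin/sh
# Added example: per-entry lock state from ldapsearch LDIF output.
# An entry with no ibm-pwdAccountLocked line is reported as unlocked,
# because the server returns the attribute only when it is true.

lock_report() {
    # Reads LDIF on stdin, prints "<locked|unlocked><TAB><dn>" per entry.
    awk '
        function flush() {
            if (dn != "") printf "%s\t%s\n", (locked ? "locked" : "unlocked"), dn
            dn = ""; locked = 0
        }
        function handle(line,   l) {
            if (line == "") { flush(); return }      # blank line ends an entry
            l = tolower(line)                        # attribute names are case-insensitive
            if (l ~ /^dn:/) {
                flush()                              # also covers output without blank lines
                dn = line
                sub(/^[^:]*::? */, "", dn)           # a "dn::" value stays base64-encoded
                return
            }
            if (l ~ /^ibm-pwdaccountlocked: *true *$/) locked = 1
        }
        # LDIF folds long lines: a continuation starts with one space.
        /^ / { buf = buf substr($0, 2); next }
        { handle(buf); buf = $0 }
        END { handle(buf); flush() }
    '
}

sample_ldif() {
    # Constructed sample; the second DN is folded across two lines.
    cat <<'EOF'
dn: UID=Chirag Radhakrishnan,OU=users,ou=ad2,ou=oslo,o=sample

dn: UID=Chirag Radhakrishnan,OU=users,
 ou=chirag-test1,o=sample
ibm-pwdAccountLocked: true
EOF
}

# Real use: pipe the ldapsearch command shown above into lock_report.
sample_ldif | lock_report
```
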