Hi Harald,

On Fri, Apr 15, 2016 at 1:31 PM, Harald Dunkel <harald.dun...@aixigo.de> wrote:
> Hi folks,
>
> I have no luck with the ipa cli, so I wonder if it is
> possible to ldapsearch for disabled or enabled users?
> A command line like
>
> ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=com
> uid=somebody
>
> doesn't show :-(.

I just tested using the public demo1.freeipa.org instance and it works using the 'hidden' nsaccountlock attribute:

$ ldapsearch -LLL -Y GSSAPI -h ipa.demo1.freeipa.org -b cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org "(nsaccountlock=TRUE)" uid
SASL/GSSAPI authentication started
SASL username: helpd...@demo1.freeipa.org
SASL SSF: 56
SASL data security layer installed.
dn: uid=test,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
uid: test

dn: uid=bladibla,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
uid: bladibla

I found out about the nsaccountlock in https://www.mail-archive.com/search?l=freeipa-de...@redhat.com&q=subject:%22Re\%3A+\[Freeipa\-devel\]+User+status%22&o=newest&f=1
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
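
Added example (not part of the original message or of FreeIPA): a small account-status audit built on the nsaccountlock filter from the reply, extended to cover enabled users as well. It assumes an enabled entry may carry no nsaccountlock value at all, so absence is treated as enabled; the function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Assumption: nsaccountlock must be requested by name to be returned,
# and entries that were never disabled may not have it at all.

# Print the LDAP filter that selects accounts in the given state.
status_filter() {
    case "$1" in
        disabled) printf '%s\n' '(nsaccountlock=TRUE)' ;;
        enabled)  printf '%s\n' '(!(nsaccountlock=TRUE))' ;;  # also matches "attribute absent"
        *) echo "usage: status_filter enabled|disabled" >&2; return 2 ;;
    esac
}

# Read LDIF on stdin and print "uid<TAB>status", one line per entry.
account_status() {
    awk '
        function emit() {
            if (uid != "") printf "%s\t%s\n", uid, (lock == "true" ? "disabled" : "enabled")
            uid = ""; lock = ""
        }
        /^$/     { emit(); next }                    # blank line ends an LDIF entry
        /^uid: / { uid = substr($0, 6) }
        tolower($0) ~ /^nsaccountlock: / { lock = tolower(substr($0, 16)) }
        END      { emit() }
    '
}

# Constructed sample output: alice never locked, bob disabled, carol re-enabled.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
uid: alice

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
uid: bob
nsaccountlock: TRUE

dn: uid=carol,cn=users,cn=accounts,dc=example,dc=test
uid: carol
nsAccountLock: FALSE
EOF
}

# Against a live server (base DN as in the question above):
#   ldapsearch -LLL -o ldif-wrap=no -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=com \
#       "(uid=*)" uid nsaccountlock | account_status
sample_ldif | account_status
```

Searching with "$(status_filter disabled)" in place of "(uid=*)" returns only the locked accounts, as in the reply above.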