search for: ldb_opts

...$TMPLDIF echo "replace: userAccountControl" >> $TMPLDIF echo "userAccountControl: ${NEWFLAGS}" >> $TMPLDIF echo "-" >> $TMPLDIF echo "replace: badPwdCount" >> $TMPLDIF echo "badPwdCount: 0" >> $TMPLDIF ldbmodify ${LDB_OPTS} "$TMPLDIF" > /dev/null but do that if and only if account is locked, and i test that using: user_is_locked () { local locked="false" local UAC=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" userAc...

Mandi! Rowland penny via samba In chel di` si favelave... > If you go here: http://www.selfadsi.org/extended-ad/user-unlock.htm > It says: So, seems to me that 'Lockout-Duration' is an 'unused option'... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via

...utTime' | awk '{print $NF}' > See here: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adls/eb73820d-907a-49a5-a6f3-1847f86629b4 following the link here the code: user_is_locked () { # We folow spec, if zero, is not locked. local LOT=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" lockoutTime | grep "^lockoutTime: " | cut -d ' ' -f 2-) if [ -z "${LOT}" ] || [ ${LOT} -eq 0 ]; then return 1 fi # If non-zero, we take into accoun...

Mandi! Rowland penny via samba In chel di` si favelave... > yes, Provided you use the right attribute to search on ;-) Ah! ;-) Just i'm here, i test three condition in account flags, eg: UAC=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" userAccountControl | grep "^userAccountControl: " | cut -d ' ' -f 2-) # Old 'D' flag: ((($UAC & 2) == 2)) && enabled="false" # 0x00000002 # Old 'X'...

...' >> See here: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adls/eb73820d-907a-49a5-a6f3-1847f86629b4 > following the link here the code: > > user_is_locked () { > > # We folow spec, if zero, is not locked. > local LOT=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" lockoutTime | grep "^lockoutTime: " | cut -d ' ' -f 2-) > if [ -z "${LOT}" ] || [ ${LOT} -eq 0 ]; then > return 1 > fi > > # If n...

...; From my understanding, it is supposed to work in the way you think it does, the account gets locked out (for whatever reason) and 'lockoutTime' gets set to the time it was locked out, but 'lockoutDuration' isn't set where you seem to think it is ;-) You have: ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" lockoutDuration | grep "^lockoutDuration: " | cut -d ' ' -f 2- It should be: ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=domain)(lockoutDuration=*))" lockoutDur...

...ace: userAccountControl" >> $TMPLDIF > echo "userAccountControl: ${NEWFLAGS}" >> $TMPLDIF > echo "-" >> $TMPLDIF > echo "replace: badPwdCount" >> $TMPLDIF > echo "badPwdCount: 0" >> $TMPLDIF > ldbmodify ${LDB_OPTS} "$TMPLDIF" > /dev/null > > but do that if and only if account is locked, and i test that using: > > user_is_locked () { > local locked="false" > local UAC=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(s...

...en someone contacts you and > screams 'I cannot log in') a way to unlock the user, the only way to do this > is to set 'lockoutTime' to '0' regardless of what it is set to now. Exactly. The function now appear as: user_is_locked () { local LOT=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" lockoutTime | grep "^lockoutTime: " | cut -d ' ' -f 2-) if [ -z "${LOT}" ] || [ ${LOT} -eq 0 ]; then return 1 fi local LOD=$(ldbsearch ${LDB_OPTS}...

Hi We are using SAMBA4 As Active Directory We have a requirement to a) find out which user did not logging for more then 90 days and Delete those user by using script I am just wondering, is there any command to check in Samba4 to get user Last login time ? Thanks-- Regards -- Regards Fosiul Alam

Hello, is there a way to get the last uidNumber from ldap. I can do a ldapsearch like: ldapsearch -h samdom.example.com -D "administrator at samdom.example.com" -w "changeit" -b "DC=samdom,DC=example,DC=com" -x -LLL "(uidNumber=*)" uidNumber | grep -Po "(?<=uidNumber: )([0-9]{4})" | sort | tail -n1 But there is no guarantee that the last