search for: user_is_lock

...amp;(objectClass=user)(samaccountname=locktest)(lockoutTime>=0))' lockoutTime | grep 'lockoutTime' | awk '{print $NF}' > See here: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adls/eb73820d-907a-49a5-a6f3-1847f86629b4 following the link here the code: user_is_locked () { # We folow spec, if zero, is not locked. local LOT=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" lockoutTime | grep "^lockoutTime: " | cut -d ' ' -f 2-) if [ -z "${LOT}" ] || [ ${...

...ser)(samaccountname=locktest)(lockoutTime>=0))' lockoutTime | grep 'lockoutTime' | awk '{print $NF}' >> See here: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adls/eb73820d-907a-49a5-a6f3-1847f86629b4 > following the link here the code: > > user_is_locked () { > > # We folow spec, if zero, is not locked. > local LOT=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" lockoutTime | grep "^lockoutTime: " | cut -d ' ' -f 2-) > if [ -z "...

...ot; >> $TMPLDIF echo "-" >> $TMPLDIF echo "replace: badPwdCount" >> $TMPLDIF echo "badPwdCount: 0" >> $TMPLDIF ldbmodify ${LDB_OPTS} "$TMPLDIF" > /dev/null but do that if and only if account is locked, and i test that using: user_is_locked () { local locked="false" local UAC=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" userAccountControl | grep "^userAccountControl: " | cut -d ' ' -f 2-) # Prevent error conditions on que...

...t; > LOD=1 > + LOD=1 > > TMPF=$((${LOT} + ${LOD})) > + TMPF=2 > echo $TMPF > + echo 2 > 2 > > TMPF=$((LOT+LOD)) > + TMPF=2 > echo $TMPF > + echo 2 > 2 > > >> I take it that you are calling the function like this: user_is_locked gaio >> try it like this: res=$(user_is_locked gaio) >> change all 'return' to 'echo' >> Then check what "$res" is > I've runm the script manually with 'bash -x', and so i've seen that LOT > is non zero, while LOD is zero. > &gt...

...-" >> $TMPLDIF > echo "replace: badPwdCount" >> $TMPLDIF > echo "badPwdCount: 0" >> $TMPLDIF > ldbmodify ${LDB_OPTS} "$TMPLDIF" > /dev/null > > but do that if and only if account is locked, and i test that using: > > user_is_locked () { > local locked="false" > local UAC=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" userAccountControl | grep "^userAccountControl: " | cut -d ' ' -f 2-) > # Prevent error...

...? Apart bashism, this seems not the point: root at vdcsv1:~# bash -vx /tmp/test LOT=1 + LOT=1 LOD=1 + LOD=1 TMPF=$((${LOT} + ${LOD})) + TMPF=2 echo $TMPF + echo 2 2 TMPF=$((LOT+LOD)) + TMPF=2 echo $TMPF + echo 2 2 > I take it that you are calling the function like this: user_is_locked gaio > try it like this: res=$(user_is_locked gaio) > change all 'return' to 'echo' > Then check what "$res" is I've runm the script manually with 'bash -x', and so i've seen that LOT is non zero, while LOD is zero. But clearly 'LockoutTime...

Mandi! Rowland penny via samba In chel di` si favelave... > If you go here: http://www.selfadsi.org/extended-ad/user-unlock.htm > It says: So, seems to me that 'Lockout-Duration' is an 'unused option'... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via

...NOW. > However, you want to script (presumably when someone contacts you and > screams 'I cannot log in') a way to unlock the user, the only way to do this > is to set 'lockoutTime' to '0' regardless of what it is set to now. Exactly. The function now appear as: user_is_locked () { local LOT=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" lockoutTime | grep "^lockoutTime: " | cut -d ' ' -f 2-) if [ -z "${LOT}" ] || [ ${LOT} -eq 0 ]; then return 1...