7321N/A<?
xml version="1.0" encoding="UTF-8"?>
7321N/A ! This work is licensed under the Creative Commons 7321N/A ! Attribution-NonCommercial-NoDerivs 3.0 Unported License. 7321N/A ! To view a copy of this license, visit 7321N/A ! or send a letter to Creative Commons, 444 Castro Street, 7321N/A ! Suite 900, Mountain View, California, 94041, USA. 7321N/A ! You can also obtain a copy of the license at 7321N/A ! See the License for the specific language governing permissions 7321N/A ! and limitations under the License. 7321N/A ! If applicable, add the following below this CCPL HEADER, with the fields 7321N/A ! enclosed by brackets "[]" replaced with your own identifying information: 7321N/A ! Portions Copyright [yyyy] [name of copyright owner] 7321N/A ! Copyright 2011-2014 ForgeRock AS 7321N/A<
refentry xml:
id='manage-account-1' 7321N/A version='5.0' xml:
lang='en' 7321N/A <
info><
copyright><
year>2011-2014</
year><
holder>ForgeRock AS</
holder></
copyright></
info>
7321N/A <
refentrytitle>manage-account</
refentrytitle><
manvolnum>1</
manvolnum>
7321N/A <
refmiscinfo class="software">OpenDJ</
refmiscinfo>
7321N/A <
refmiscinfo class="version"><?
eval ${
docTargetVersion}?></
refmiscinfo>
7321N/A <
refname>manage-account</
refname>
7321N/A <
refpurpose>manage state of directory server accounts</
refpurpose>
7321N/A <
command>manage-account</
command>
7321N/A <
command><
replaceable>subcommand</
replaceable></
command>
7321N/A <
arg choice="req">options</
arg>
7321N/A <
para>This utility can be used to retrieve and manipulate the values of
7321N/A password policy state variables.</
para>
7321N/A <
para>The following subcommands are supported.</
para>
7321N/A <
term><
command>manage-account clear-account-is-disabled</
command></
term>
7321N/A <
para>Clear account disabled state information from the user account</
para>
7321N/A <
term><
command>manage-account get-account-expiration-time</
command></
term>
7321N/A <
para>Display when the user account will expire</
para>
7321N/A <
term><
command>manage-account get-account-is-disabled</
command></
term>
7321N/A <
para>Display information about whether the user account has been
7321N/A administratively disabled</
para>
7321N/A <
term><
command>manage-account get-all</
command></
term>
7321N/A <
para>Display all password policy state information for the user</
para>
7321N/A <
term><
command>manage-account get-authentication-failure-times</
command></
term>
7321N/A <
para>Display the authentication failure times for the user</
para>
7321N/A <
term><
command>manage-account get-grace-login-use-times</
command></
term>
7321N/A <
para>Display the grace login use times for the user</
para>
7321N/A <
term><
command>manage-account get-last-login-time</
command></
term>
7321N/A <
para>Display the time that the user last authenticated to the server</
para>
7321N/A <
term><
command>manage-account get-password-changed-by-required-time</
command></
term>
7321N/A <
para>Display the required password change time with which the user last
7321N/A <
term><
command>manage-account get-password-changed-time</
command></
term>
7321N/A <
para>Display the time that the user's password was last changed</
para>
7321N/A <
term><
command>manage-account get-password-expiration-warned-time</
command></
term>
7321N/A <
para>Display the time that the user first received an expiration warning
7321N/A <
term><
command>manage-account get-password-history</
command></
term>
7321N/A <
para>Display password history state values for the user</
para>
7321N/A <
term><
command>manage-account get-password-is-reset</
command></
term>
7321N/A <
para>Display information about whether the user will be required to
7321N/A change his or her password on the next successful authentication</
para>
7321N/A <
term><
command>manage-account get-password-policy-dn</
command></
term>
7321N/A <
para>Display the DN of the password policy for the user</
para>
7321N/A <
term><
command>manage-account get-remaining-authentication-failure-count</
command></
term>
7321N/A <
para>Display the number of remaining authentication failures until the
7321N/A user's account is locked</
para>
7321N/A <
term><
command>manage-account get-remaining-grace-login-count</
command></
term>
7321N/A <
para>Display the number of grace logins remaining for the user</
para>
7321N/A <
term><
command>manage-account get-seconds-until-account-expiration</
command></
term>
7321N/A <
para>Display the length of time in seconds until the user account
7321N/A <
term><
command>manage-account get-seconds-until-authentication-failure-unlock</
command></
term>
7321N/A <
para>Display the length of time in seconds until the authentication
7321N/A failure lockout expires</
para>
7321N/A <
term><
command>manage-account get-seconds-until-idle-lockout</
command></
term>
7321N/A <
para>Display the length of time in seconds until user's account is locked
7321N/A because it has remained idle for too long</
para>
7321N/A <
term><
command>manage-account get-seconds-until-password-expiration</
command></
term>
7321N/A <
para>Display length of time in seconds until the user's password expires</
para>
7321N/A <
term><
command>manage-account get-seconds-until-password-expiration-warning</
command></
term>
7321N/A <
para>Display the length of time in seconds until the user should start
7321N/A receiving password expiration warning notices</
para>
7321N/A <
term><
command>manage-account get-seconds-until-password-reset-lockout</
command></
term>
7321N/A <
para>Display the length of time in seconds until user's account is locked
7321N/A because the user failed to change the password in a timely manner after an
7321N/A administrative reset</
para>
7321N/A <
term><
command>manage-account get-seconds-until-required-change-time</
command></
term>
7321N/A <
para>Display the length of time in seconds that the user has remaining to
7321N/A change his or her password before the account becomes locked due to the
7321N/A required change time</
para>
7321N/A <
term><
command>manage-account set-account-is-disabled</
command></
term>
7321N/A <
para>Specify whether the user account has been administratively disabled</
para>
7321N/A <
title>Global Options</
title>
7321N/A <
para>The following global options are supported.</
para>
7321N/A <
term><
option>-b, --targetDN {targetDN}</
option></
term>
7321N/A <
para>The DN of the user entry for which to get and set password policy
7321N/A <
title>LDAP Connection Options</
title>
7321N/A <
term><
option>-D, --bindDN {bindDN}</
option></
term>
7321N/A <
para>DN to use to bind to the server</
para>
7321N/A <
para>Default value: cn=Directory Manager</
para>
7321N/A <
term><
option>-h, --hostname {host}</
option></
term>
7321N/A <
para>Directory server hostname or IP address</
para>
7321N/A <
term><
option>-j, --bindPasswordFile {bindPasswordFile}</
option></
term>
7321N/A <
para>Bind password file</
para>
7321N/A <
term><
option>-K, --keyStorePath {keyStorePath}</
option></
term>
7321N/A <
para>Certificate key store path</
para>
7321N/A <
term><
option>-N, --certNickname {nickname}</
option></
term>
7321N/A <
para>Nickname of certificate for SSL client authentication</
para>
7321N/A <
term><
option>-o, --saslOption {name=value}</
option></
term>
7321N/A <
para>SASL bind options</
para>
7321N/A <
term><
option>-p, --port {port}</
option></
term>
7321N/A <
para>Directory server administration port number</
para>
7321N/A <
para>Default value: 4444</
para>
7321N/A <
term><
option>-P, --trustStorePath {trustStorePath}</
option></
term>
7321N/A <
para>Certificate trust store path</
para>
7321N/A <
term><
option>-T, --trustStorePassword {trustStorePassword}</
option></
term>
7321N/A <
para>Certificate trust store PIN</
para>
7321N/A <
term><
option>-u, --keyStorePasswordFile {keyStorePasswordFile}</
option></
term>
7321N/A <
para>Certificate key store PIN file</
para>
7321N/A <
term><
option>-U, --trustStorePasswordFile {path}</
option></
term>
7321N/A <
para>Certificate trust store PIN file</
para>
7321N/A <
term><
option>-w, --bindPassword {bindPassword}</
option></
term>
7321N/A <
para>Password to use to bind to the server</
para>
7321N/A <
para>Use <
option>-w -</
option> to have the command prompt for the
7321N/A password, rather than enter the password on the command line.</
para>
7321N/A <
term><
option>-W, --keyStorePassword {keyStorePassword}</
option></
term>
7321N/A <
para>Certificate key store PIN</
para>
7321N/A <
term><
option>-X, --trustAll</
option></
term>
7321N/A <
para>Trust all server SSL certificates</
para>
7321N/A <
title>General Options</
title>
7321N/A <
term><
option>-V, --version</
option></
term>
7321N/A <
para>Display version information</
para>
7321N/A <
term><
option>-?, -H, --help</
option></
term>
7321N/A <
para>Display usage information</
para>
7321N/A <
para>The command completed successfully.</
para>
7321N/A <
para>An error occurred while parsing the command-line arguments.</
para>
7321N/A <
para>For the following examples, the directory admin user, Kirsten Vaughan,
7321N/A has <
literal>ds-privilege-name: password-reset</
literal>, and the following
7321N/A ACI on <
literal>ou=People,dc=example,dc=com</
literal>.</
para>
7321N/A <
programlisting language="aci">
7321N/A(target="ldap:///ou=People,dc=example,dc=com") (targetattr ="*||+")(
7321N/A version 3.0;acl "Admins can run amok"; allow(all) groupdn =
7321N/A "ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";)
7321N/A <
para>The following command locks a user account.</
para>
7321N/A$ <
userinput>manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
7321N/A -w bribery set-account-is-disabled -O true \
7321N/A -b uid=bjensen,ou=people,dc=example,dc=com -X</
userinput>
7321N/A<
computeroutput>Account Is Disabled: true</
computeroutput>
7321N/A <
para>The following command unlocks a user account.</
para>
7321N/A$ <
userinput>manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
7321N/A -w bribery clear-account-is-disabled \
7321N/A -b uid=bjensen,ou=people,dc=example,dc=com -X</
userinput>
7321N/A<
computeroutput>Account Is Disabled: false</
computeroutput>