man/man1/manage-account.1

 t
 Title: manage-account
 Author:
 Generator: DocBook XSL-NS Stylesheets v1.76.1 <http://docbook.sf.net/>
 Date: 03/21/2012
 Manual: Tools Reference
 Source: OpenDJ 2.5.0
 Language: English

 "MANAGE-ACCOUNT" "1" "03/21/2012" "OpenDJ 2.5.0" "Tools Reference"
 -----------------------------------------------------------------
 * Define some portability stuff
 -----------------------------------------------------------------
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 http://bugs.debian.org/507673
 http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 -----------------------------------------------------------------
 * set default formatting
 -----------------------------------------------------------------
 disable hyphenation
 disable justification (adjust text to left margin only)
 -----------------------------------------------------------------
 * MAIN CONTENT STARTS HERE *
 -----------------------------------------------------------------
 "NAME"
manage-account - manage state of directory server accounts
 "SYNOPSIS"
 \w'manage-accountsubcommand 'u
manage-accountsubcommand {options}
 "DESCRIPTION"

This utility can be used to retrieve and manipulate the values of password policy state variables.
 "SUBCOMMANDS"

The following subcommands are supported.

manage-account clear-account-is-disabled

Clear account disabled state information from the user account


manage-account get-account-expiration-time

Display when the user account will expire


manage-account get-account-is-disabled

Display information about whether the user account has been administratively disabled


manage-account get-all

Display all password policy state information for the user


manage-account get-authentication-failure-times

Display the authentication failure times for the user


manage-account get-grace-login-use-times

Display the grace login use times for the user


manage-account get-last-login-time

Display the time that the user last authenticated to the server


manage-account get-password-changed-by-required-time

Display the required password change time with which the user last complied


manage-account get-password-changed-time

Display the time that the user\*(Aqs password was last changed


manage-account get-password-expiration-warned-time

Display the time that the user first received an expiration warning notice


manage-account get-password-history

Display password history state values for the user


manage-account get-password-is-reset

Display information about whether the user will be required to change his or her password on the next successful authentication


manage-account get-password-policy-dn

Display the DN of the password policy for the user


manage-account get-remaining-authentication-failure-count

Display the number of remaining authentication failures until the user\*(Aqs account is locked


manage-account get-remaining-grace-login-count

Display the number of grace logins remaining for the user


manage-account get-seconds-until-account-expiration

Display the length of time in seconds until the user account expires


manage-account get-seconds-until-authentication-failure-unlock

Display the length of time in seconds until the authentication failure lockout expires


manage-account get-seconds-until-idle-lockout

Display the length of time in seconds until user\*(Aqs account is locked because it has remained idle for too long


manage-account get-seconds-until-password-expiration

Display length of time in seconds until the user\*(Aqs password expires


manage-account get-seconds-until-password-expiration-warning

Display the length of time in seconds until the user should start receiving password expiration warning notices


manage-account get-seconds-until-password-reset-lockout

Display the length of time in seconds until user\*(Aqs account is locked because the user failed to change the password in a timely manner after an administrative reset


manage-account get-seconds-until-required-change-time

Display the length of time in seconds that the user has remaining to change his or her password before the account becomes locked due to the required change time


manage-account set-account-is-disabled

Specify whether the user account has been administratively disabled

 "GLOBAL OPTIONS"

The following global options are supported.

-b, --targetDN {targetDN}

The DN of the user entry for which to get and set password policy state information

 "LDAP Connection Options"

-D, --bindDN {bindDN}

DN to use to bind to the server
Default value: cn=Directory Manager


-h, --hostname {host}

Directory server hostname or IP address
Default value: localhost.localdomain


-j, --bindPasswordFile {bindPasswordFile}

Bind password file


-K, --keyStorePath {keyStorePath}

Certificate key store path


-N, --certNickname {nickname}

Nickname of certificate for SSL client authentication


-o, --saslOption {name=value}

SASL bind options


-p, --port {port}

Directory server administration port number
Default value: 4444


-P, --trustStorePath {trustStorePath}

Certificate trust store path


-T, --trustStorePassword {trustStorePassword}

Certificate trust store PIN


-u, --keyStorePasswordFile {keyStorePasswordFile}

Certificate key store PIN file


-U, --trustStorePasswordFile {path}

Certificate trust store PIN file


-w, --bindPassword {bindPassword}

Password to use to bind to the server
Use
-w -
to have the command prompt for the password, rather than enter the password on the command line.


-W, --keyStorePassword {keyStorePassword}

Certificate key store PIN


-X, --trustAll

Trust all server SSL certificates

 "General Options"

-V, --version

Display version information


-?, -H, --help

Display usage information

 "EXIT CODES"

0

The command completed successfully.


89

An error occurred while parsing the command-line arguments.

 "EXAMPLES"

For the following examples, the directory admin user, Kirsten Vaughan, has
ds-privilege-name: password-reset, and the following ACI on
ou=People,dc=example,dc=com.

.\}
(target="ldap:///ou=People,dc=example,dc=com") (targetattr ="*||+")(
 version 3.0;acl "Admins can run amok"; allow(all) groupdn =
 "ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";)


.\}

The following command locks a user account.

.\}
$ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com"
 -w bribery set-account-is-disabled -O true
 -b uid=bjensen,ou=people,dc=example,dc=com -X
Account Is Disabled: true


.\}

The following command unlocks a user account.

.\}
$ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com"
 -w bribery clear-account-is-disabled
 -b uid=bjensen,ou=people,dc=example,dc=com -X
Account Is Disabled: false


.\}
 "COPYRIGHT"

Copyright \(co 2011-2012 ForgeRock AS