12.2. Managing Accounts Manually

This section covers disabling and enabling accounts by using the manage-account command. Password reset is covered in the chapter on performing LDAP operations.

For the following examples, the directory admin user, Kirsten Vaughan, has ds-privilege-name: password-reset, and the following ACI on ou=People,dc=example,dc=com.

(target="ldap:///ou=People,dc=example,dc=com") (targetattr ="*||+")(
version 3.0;acl "Admins can run amok"; allow(all) groupdn =
"ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";)

Procedure 12.1. To Disable an Account

  • Set the account status to disabled with the manage-account command.

    $ manage-account \
     set-account-is-disabled \
     --port 4444 \
     --bindDN "uid=kvaughan,ou=people,dc=example,dc=com" \
     --bindPassword bribery \
     --operationValue true \
     --targetDN uid=bjensen,ou=people,dc=example,dc=com \
     --trustAll
    Account Is Disabled:  true

Procedure 12.2. To Activate a Disabled Account

  • Clear the disabled status using the manage-account command.

    $ manage-account \
     clear-account-is-disabled \
     --port 4444 \
     --bindDN "uid=kvaughan,ou=people,dc=example,dc=com" \
     --bindPassword bribery \
     --targetDN uid=bjensen,ou=people,dc=example,dc=com \
     --trustAll
    Account Is Disabled:  false
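
The commands above pass the bind password on the command line, where it is visible in the process list and shell history, and use --trustAll, which skips validation of the server certificate. The following wrapper is an added example, not part of the original guide: it runs the same subcommands with --bindPasswordFile and --trustStorePath instead, and reads the status back with get-account-is-disabled after disabling an account. The variable names, function names, and file paths are assumptions; replace the placeholder paths with your own.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Assumed names: MANAGE_ACCOUNT, PW_FILE, TRUSTSTORE and both function names.
MANAGE_ACCOUNT="${MANAGE_ACCOUNT:-manage-account}"
ADMIN_DN="uid=kvaughan,ou=people,dc=example,dc=com"
PW_FILE="${PW_FILE:-$HOME/.opendj-admin.pwd}"      # placeholder path
TRUSTSTORE="${TRUSTSTORE:-/path/to/truststore}"    # placeholder path

# Run one manage-account subcommand against a target DN.
# Extra arguments (for example --operationValue true) are passed through.
account_cmd() {
    sub="$1"; target="$2"; shift 2
    # Refuse a bind password file that is missing or readable by group/others.
    if [ ! -f "$PW_FILE" ] ||
       [ -n "$(find "$PW_FILE" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "refusing: $PW_FILE missing or readable by group/others" >&2
        return 1
    fi
    "$MANAGE_ACCOUNT" "$sub" \
        --port 4444 \
        --bindDN "$ADMIN_DN" \
        --bindPasswordFile "$PW_FILE" \
        --trustStorePath "$TRUSTSTORE" \
        --targetDN "$target" \
        "$@"
}

# Disable an account, then read the state back and confirm it took effect.
disable_account() {
    account_cmd set-account-is-disabled "$1" --operationValue true >/dev/null || return 1
    account_cmd get-account-is-disabled "$1" | grep -q 'Account Is Disabled: *true'
}
```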