Question:
Is there a way to get all the pwdAccountLockedTime values associated with all locked users?
I am familiar with ldapjs's client search function, but I do not know what base to search and what filter to use to get the pwdAccountLockedTime associated with a user.
Background
I'm trying to remove the pwdAccountLockedTime attribute from a user to unlock the user from my node.js server using ldapjs's client API.
I have an openldap server running that has a directory laid out like this:
-> Root stuff
-> dc=example,dc=com
    -> cn=Manager (The olcRootDN)
    -> ou=User
        -> *Several entries with objectClasses {posixAccount, shadowAccount, inetOrgPerson}*
    -> ou=Policies
        -> *pwdPolicy with some default password policies*
I have been able to successfully lock out users that try to log in with invalid credentials. I am trying to unlock the users by using ldapjs to delete the pwdAccountLockedTime attribute like this:
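    var ldap = require('ldapjs');

    // ldapClient is an ldapjs client created and bound elsewhere.
    // Note the comma between the uid RDN and the rest of the DN.
    var dn = 'uid=' + username + ',ou=User,dc=example,dc=com';
    var changes = new ldap.Change({
      operation: 'delete',
      modification: {
        pwdAccountLockedTime: '' // should be current value. Q: How do I get this?
      }
    });
    ldapClient.modify(dn, changes, function(err) {
      if (err) {
        console.log(err.message);
      }
    });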
I am receiving error message:
'value #0 invalid per syntax'
I believe I am getting this error because I do not provide the current value of pwdAccountLockedTime in the modification object. Although it is unclear to me why I need to provide the current value of pwdAccountLockedTime, I need to figure out how to find the pwdAccountLockedTime value associated with my user.
via hededo
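
An added example, not part of the original question: helpers for the lookup described above, using the question's ou=User,dc=example,dc=com base. The function names are hypothetical, the returned object uses the scope/filter/attributes option names of ldapjs's client search, and the special lock value and lockout duration semantics follow the LDAP password policy draft.

```javascript
// Added example: find locked accounts and interpret pwdAccountLockedTime.
const USER_BASE = 'ou=User,dc=example,dc=com';   // base DN from the question
const PERMANENT_LOCK = '000001010000Z';          // ppolicy draft: only an administrator can unlock

// RFC 4514 escaping, so a username cannot change the structure of the DN.
function escapeDnValue(value) {
  return [...value].map((ch, i, all) => {
    if (ch === '\0') return '\\00';
    const edge = (i === 0 && (ch === ' ' || ch === '#')) || (i === all.length - 1 && ch === ' ');
    return edge || '\\,+"<>;='.includes(ch) ? '\\' + ch : ch;
  }).join('');
}

// RFC 4515 escaping for a value placed inside a search filter.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g, (ch) => '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

function userDn(username) {
  return `uid=${escapeDnValue(username)},${USER_BASE}`;
}

// Search options for all locked users, or for one user when a username is given.
function lockedUsersSearch(username) {
  const present = '(pwdAccountLockedTime=*)';
  return {
    scope: 'sub',
    filter: username ? `(&(uid=${escapeFilterValue(username)})${present})` : present,
    attributes: ['uid', 'pwdAccountLockedTime'], // operational attribute: request it by name
  };
}

// Parse the GeneralizedTime value stored in pwdAccountLockedTime.
function parseLockedTime(value) {
  if (value === PERMANENT_LOCK) return { permanent: true, at: null };
  const m = /^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(?:\.\d+)?Z$/.exec(value);
  if (!m) throw new Error('unexpected pwdAccountLockedTime: ' + value);
  const [y, mo, d, h, mi, s] = m.slice(1).map(Number);
  return { permanent: false, at: new Date(Date.UTC(y, mo - 1, d, h, mi, s)) };
}

// lockoutSeconds is the policy's pwdLockoutDuration; 0 means locked until an administrator resets it.
function isStillLocked(value, lockoutSeconds, now) {
  const t = parseLockedTime(value);
  if (t.permanent || !lockoutSeconds) return true;
  return now.getTime() < t.at.getTime() + lockoutSeconds * 1000;
}
```

In LDAP modify semantics (RFC 4511), a delete that lists no values removes the whole attribute, so the stored timestamp does not have to be supplied to clear the lock.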