Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide

Manually Locking Accounts

Directory Server allows you to configure password policy to force the lockout of accounts after a specified number of failed bind attempts. See Policy for Account Lockout for details. This section covers manual account locking and activation tools that the Directory Manager can use.

The Directory Manager can manage account lockout without using the lockout duration timer. The locked account remains locked until the password is manually reset. The Directory Manager can also render certain accounts inactive for an indefinite period of time.

This section shows how to check account status, render accounts inactive, and reactivate accounts.

To Check Account Status

Check account status as shown here.


Note –

You must bind as the Directory Manager.


You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

    Use the ns-accountstatus command to check the status of the account or role.

    The following command checks Barbara Jensen's account status:


    $ ns-accountstatus -D "cn=Directory Manager" -j pwd.txt \
     -I uid=bjensen,ou=people,dc=example,dc=com
    uid=bjensen,ou=people,dc=example,dc=com activated.
    $

    See the ns-accountstatus(1M) man page for details.

To Render Accounts Inactive

Render an account or a role inactive as shown here.


Note –

You must bind as the Directory Manager.


You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

    Use the ns-inactivate command to render the account or role inactive.

    The following command renders Barbara Jensen's account inactive:


    $ ns-inactivate -D "cn=Directory Manager" -j pwd.txt \
    -I uid=bjensen,ou=people,dc=example,dc=com
    uid=bjensen,ou=people,dc=example,dc=com inactivated.
    $

    See the ns-inactivate(1M) man page for details.
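
    After inactivating several accounts, you can confirm the result by checking each one with ns-accountstatus. The script below is an added example, not part of the original guide. It assumes only the -D, -j, and -I options and the two status lines shown on this page. The function names, the NS_ACCOUNTSTATUS, BIND_DN, and PW_FILE variables, and the file of DNs (one per line) are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that every DN in a list is inactive.
# Any output other than the two status lines shown in this guide is reported
# as "unknown", so a failed bind is never mistaken for a disabled account.

# Overridable settings (hypothetical names chosen for this example).
: "${NS_ACCOUNTSTATUS:=ns-accountstatus}"
: "${BIND_DN:=cn=Directory Manager}"
: "${PW_FILE:=pwd.txt}"

# classify_status DN LINE
# Prints active, inactive, or unknown for one line of ns-accountstatus output.
# The DN is quoted in the patterns, so characters such as * match literally.
classify_status() {
    dn=$1
    line=$2
    case "$line" in
        "$dn activated.")   echo active ;;
        "$dn inactivated.") echo inactive ;;
        *)                  echo unknown ;;
    esac
}

# audit_inactive FILE
# Prints "STATE<TAB>DN" for each DN in FILE that is not confirmed inactive.
# Returns 1 if any such DN was found, 0 otherwise.
audit_inactive() {
    rc=0
    while IFS= read -r dn; do
        [ -n "$dn" ] || continue
        # stdin comes from /dev/null so the command cannot consume the DN list.
        out=$("$NS_ACCOUNTSTATUS" -D "$BIND_DN" -j "$PW_FILE" -I "$dn" \
              2>&1 </dev/null | head -n 1)
        state=$(classify_status "$dn" "$out")
        if [ "$state" != inactive ]; then
            printf '%s\t%s\n' "$state" "$dn"
            rc=1
        fi
    done < "$1"
    return $rc
}

# Run the audit when a DN list file is given on the command line.
if [ $# -gt 0 ]; then
    audit_inactive "$1"
fi
```

    A non-zero exit status means at least one listed account is still active or could not be checked.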

To Reactivate Accounts

Unlock an account or a role as shown here.


Note –

You must bind as the Directory Manager.


You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

    Use the ns-activate command to reactivate the account or role.

    The following command renders Barbara Jensen's account active again:


    $ ns-activate -D "cn=Directory Manager" -j pwd.txt \
    -I uid=bjensen,ou=people,dc=example,dc=com
    uid=bjensen,ou=people,dc=example,dc=com activated.
    $

    See the ns-activate(1M) man page for details.