directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn McKinney <>
Subject Re: Using REST API to get user's locked and reset states
Date Thu, 01 Jun 2017 22:12:13 GMT
Welcome Dave,

Can you export that corresponding user entry into ldif and post it here?   We’ll need to
see the operational attributes before trying to figure out where the problem is.  

For example, here’s an export I did of test user ‘foo1’.  You can see that I’ve put
that user’s account into both a locked and reset state (in openldap).

You can also see this user’s password policy is ‘test1’.

dn: uid=foo1,ou=People,dc=example,dc=com
objectClass: extensibleObject
objectClass: ftMods
objectClass: ftProperties
objectClass: ftUserAttrs
objectClass: inetOrgPerson
objectClass: top
cn: foo1
ftId: fdc4a7f3-62f7-47d4-aac4-bac4b7cdb551
sn: fighter
description: foo fighter
displayName: foo1
ftCstr: foo1$0$$$$$$$
ftProps: initAttrArrays:
ou: dev1
uid: foo1
userPassword:: e1NTSEF9UVQ0K21NdE5lYTBwckFRTC96QlQ2akZrK1ZESTIxd3E=
createTimestamp: 20170601212713Z
creatorsName: cn=Manager,dc=example,dc=com
entryCSN: 20170601213012.870902Z#000000#000#000000
entryDN: uid=foo1,ou=People,dc=example,dc=com
hasSubordinates: FALSE
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20170601213012Z
pwdAccountLockedTime: 000001010000Z
pwdChangedTime: 20170601212844Z
pwdHistory:: MjAxNzA2MDEyMTI4NDRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
pwdPolicySubentry: cn=test1,ou=Policies,dc=example,dc=com
pwdReset: TRUE
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema


> On Jun 1, 2017, at 10:57 AM, David Erie (US) <> wrote:
> Hello,
> We're evaluating Fortress with ApacheDS, and I'm trying to get a user's account status
(locked and reset, specifically) via the REST API for a user whose account is locked and whose
password has been reset.
> What I get back is this:
> <entity xmlns:xsi="" xsi:type="user">
> ..
>                <userId>dave</userId>
>                <locked>false</locked>
>                <reset>false</reset>
> ..
> </entity>
> How can I tell that a user's account has been locked or reset when these Boolean properties
don't seem to contain the correct information?
> Thank you,
> Dave

View raw message