directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn McKinney <smckin...@apache.org>
Subject Re: Using REST API to get user's locked and reset states
Date Thu, 01 Jun 2017 22:12:13 GMT
Welcome Dave,

Can you export that corresponding user entry into ldif and post it here?   We’ll need to
see the operational attributes before trying to figure out where the problem is.  

For example, here’s an export I did of test user ‘foo1’.  You can see that I’ve put
that user’s account into both a locked and reset state (in openldap).

You can also see this user’s password policy is ‘test1’.

dn: uid=foo1,ou=People,dc=example,dc=com
objectClass: extensibleObject
objectClass: ftMods
objectClass: ftProperties
objectClass: ftUserAttrs
objectClass: inetOrgPerson
objectClass: top
cn: foo1
ftId: fdc4a7f3-62f7-47d4-aac4-bac4b7cdb551
sn: fighter
description: foo fighter
displayName: foo1
ftCstr: foo1$0$$$$$$$
ftProps: initAttrArrays:
ou: dev1
uid: foo1
userPassword:: e1NTSEF9UVQ0K21NdE5lYTBwckFRTC96QlQ2akZrK1ZESTIxd3E=
createTimestamp: 20170601212713Z
creatorsName: cn=Manager,dc=example,dc=com
entryCSN: 20170601213012.870902Z#000000#000#000000
entryDN: uid=foo1,ou=People,dc=example,dc=com
entryUUID:: ZDJlMDE3YjItZGI1Yy0xMDM2LThlMzMtNTkzZmZmYzA1ODU4
hasSubordinates: FALSE
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20170601213012Z
pwdAccountLockedTime: 000001010000Z
pwdChangedTime: 20170601212844Z
pwdHistory:: MjAxNzA2MDEyMTI4NDRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfXlSVm5jMjVUUThZN2libnVuVEpUR2VVY1pYeFBCdjFR
pwdPolicySubentry: cn=test1,ou=Policies,dc=example,dc=com
pwdReset: TRUE
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema



thanks
Shawn





> On Jun 1, 2017, at 10:57 AM, David Erie (US) <David.Erie@datapath.com> wrote:
> 
> Hello,
> We're evaluating Fortress with ApacheDS, and I'm trying to get a user's account status
(locked and reset, specifically) via the REST API for a user whose account is locked and whose
password has been reset.
> 
> What I get back is this:
> 
> <entity xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="user">
> ..
>                <userId>dave</userId>
>                <locked>false</locked>
>                <reset>false</reset>
> ..
> </entity>
> 
> How can I tell that a user's account has been locked or reset when these Boolean properties
don't seem to contain the correct information?
> 
> Thank you,
> Dave


Mime
View raw message