simon

Finding out if LDAP user in Sun Directory Server 5.2 is locked out, in Java

I'm developing an application using Java, Tomcat, Spring Framework and Spring LDAP 1.2.1 for LDAP access.

According to our LDAP administrator, it is not possible to find out programmatically if a specific user is locked out in the directory - the user is just not returned. This makes life difficult for me, as I need to identify locked out users.

Is our administrator right, or is it possible somehow to find out if a particular user is locked out? If yes, how?

Upvotes: 3

Views: 1968

Answers (2)

getty

Reputation: 21

The passwordretrycount attribute also suggests whether an account is locked or not. Typically, the LDAP is configured to allow up to 3 login attempts. If all 3 attempts failed, the passwordretrycount will be set to 3. Having a value of 0 means the account is not locked.

Upvotes: 2

simon

I'll answer myself: turns out there is an attribute nsaccountlock, which can be used for this purpose. Binding with the locked out user is not possible, but searching is.

Upvotes: 3
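
An added example, not part of either answer: reading the two attributes named above over plain JNDI (rather than Spring LDAP) through a context bound as a service account, since the locked user cannot bind. The class name, base DN parameter and retry threshold of 3 are assumptions; the attributes are requested by name because a search does not return operational attributes by default.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class LockStatus {
    // Requested explicitly: a default search does not return operational attributes.
    static final String[] LOCK_ATTRS = { "nsaccountlock", "passwordretrycount" };

    /** Fetches the lock attributes of one entry by uid; returns null if no entry matches. */
    static Attributes fetch(DirContext ctx, String baseDn, String uid) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(LOCK_ATTRS);
        // {0} is substituted and escaped by JNDI, so a hostile uid cannot alter the filter.
        NamingEnumeration<SearchResult> r =
                ctx.search(baseDn, "(uid={0})", new Object[] { uid }, sc);
        try {
            return r.hasMore() ? r.next().getAttributes() : null;
        } finally {
            r.close();
        }
    }

    /** maxRetries is an assumption; it must match the directory's password policy. */
    static boolean isLocked(Attributes a, int maxRetries) throws NamingException {
        Attribute lock = a.get("nsaccountlock");
        if (lock != null && "true".equalsIgnoreCase(String.valueOf(lock.get()))) {
            return true;
        }
        Attribute retries = a.get("passwordretrycount");
        return retries != null
                && Integer.parseInt(String.valueOf(retries.get())) >= maxRetries;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample entries standing in for search results.
        Attributes locked = new BasicAttributes(true);
        locked.put("nsaccountlock", "true");
        Attributes retried = new BasicAttributes(true);
        retried.put("passwordretrycount", "3");
        Attributes ok = new BasicAttributes(true);
        ok.put("passwordretrycount", "0");
        System.out.println(isLocked(locked, 3) + " " + isLocked(retried, 3)
                + " " + isLocked(ok, 3));
    }
}
```

The service account needs read access to these attributes; if the directory's access controls hide them, `fetch` returns an entry without them and `isLocked` reports false.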
