manage-account — manage state of OpenDJ server accounts
manage-account {subcommand} {options}
This utility can be used to retrieve and manipulate the values of password policy state variables.
The manage-account command takes the following options:
Command options:
-b | --targetDN {targetDN}
The DN of the user entry for which to get and set password policy state information.
LDAP connection options:
-D | --bindDN {bindDN}
The DN to use to bind to the server.
-h | --hostname {host}
Directory server hostname or IP address.
Default: localhost.localdomain
-j | --bindPasswordFile {bindPasswordFile}
The path to the file containing the bind password.
-K | --keyStorePath {keyStorePath}
Certificate key store path.
-N | --certNickname {nickname}
Nickname of certificate for SSL client authentication.
-o | --saslOption {name=value}
SASL bind options.
-p | --port {port}
Directory server administration port number.
Default: 4444
-P | --trustStorePath {trustStorePath}
Certificate trust store path.
-T | --trustStorePassword {trustStorePassword}
Certificate trust store PIN.
-u | --keyStorePasswordFile {keyStorePasswordFile}
Certificate key store PIN file.
-U | --trustStorePasswordFile {path}
Certificate trust store PIN file.
-w | --bindPassword {bindPassword}
The password to use to bind to the server.
-W | --keyStorePassword {keyStorePassword}
Certificate key store PIN.
-X | --trustAll
Trust all server SSL certificates.
Default: false
Utility input/output options:
-v | --verbose
Use verbose mode.
Default: false
General options:
-V | --version
Display Directory Server version information.
Default: false
-H | --help
Display this usage information.
Default: false
The manage-account command supports the following subcommands:
Clear account disabled state information from the user account.
Display information about whether the user account has been administratively disabled.
Display the authentication failure times for the user.
Display the required password change time with which the user last complied.
Display the time that the user's password was last changed.
Display the time that the user first received an expiration warning notice.
Display information about whether the user will be required to change his or her password on the next successful authentication.
Display the number of remaining authentication failures until the user's account is locked.
Display the number of grace logins remaining for the user.
Display the length of time in seconds until the user account expires.
Display the length of time in seconds until the authentication failure lockout expires.
Display the length of time in seconds until the user's account is locked because it has remained idle for too long.
Display the length of time in seconds until the user's password expires.
Display the length of time in seconds until the user should start receiving password expiration warning notices.
Display the length of time in seconds until the user's account is locked because the user failed to change the password in a timely manner after an administrative reset.
Display the length of time in seconds that the user has remaining to change his or her password before the account becomes locked due to the required change time.
The command completed successfully.
An error occurred while parsing the command-line arguments.
For the following examples the directory admin user, Kirsten Vaughan, has ds-privilege-name: password-reset and the following ACI on ou=People,dc=example,dc=com.
(target="ldap:///ou=People,dc=example,dc=com") (targetattr ="*||+")( version 3.0;acl "Admins can run amok"; allow(all) groupdn = "ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";)
The following command locks a user account.
$ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
 -w bribery set-account-is-disabled -O true \
 -b uid=bjensen,ou=people,dc=example,dc=com -X
Account Is Disabled: true
The following command unlocks a user account.
$ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
 -w bribery clear-account-is-disabled \
 -b uid=bjensen,ou=people,dc=example,dc=com -X
Account Is Disabled: false
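The same lock and unlock operations, wrapped so that the bind password is read with -j from an owner-only file and the server certificate is checked against a trust store given with -P, in place of -w and -X. This is an added example, not part of the OpenDJ documentation; the function names and the DS_* variables are assumptions, and the trust store is assumed to open without a PIN.

```shell
#!/bin/sh
# Added example, not OpenDJ's own code. Assumed names: DS_TOOL, DS_PORT,
# DS_BIND_DN, DS_PW_FILE, DS_TRUSTSTORE and all function names below.
# Assumes the trust store opens without a PIN; otherwise also pass -U.

# Succeed only if the bind password file exists and grants no access
# to group or other (mode string characters 5-10 are all '-').
check_pw_file() {
    [ -f "$1" ] || { echo "password file not found: $1" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "password file $1 is accessible to group/other" >&2
        return 1
    }
}

# usage: ds_account <targetDN> <subcommand> [subcommand options...]
# Uses -j and -P, so no password lands in argv or shell history and
# the server certificate is verified against the trust store.
ds_account() {
    target=$1
    shift
    check_pw_file "$DS_PW_FILE" || return 1
    [ -f "$DS_TRUSTSTORE" ] || {
        echo "trust store not found: $DS_TRUSTSTORE" >&2
        return 1
    }
    "${DS_TOOL:-manage-account}" \
        -p "${DS_PORT:-4444}" \
        -D "$DS_BIND_DN" \
        -j "$DS_PW_FILE" \
        -P "$DS_TRUSTSTORE" \
        "$@" \
        -b "$target"
}

# The two operations shown on the page.
lock_account()   { ds_account "$1" set-account-is-disabled -O true; }
unlock_account() { ds_account "$1" clear-account-is-disabled; }
```

Set DS_BIND_DN, DS_PW_FILE and DS_TRUSTSTORE (and DS_TOOL if manage-account is not on the PATH), then call lock_account or unlock_account with the target DN.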