Finding out if LDAP user in Sun Directory Server 5.2 is locked out, in Java

views:

576

answers:

+2 Q:

Finding out if LDAP user in Sun Directory Server 5.2 is locked out, in Java

I'm developing an application using Java, Tomcat, Spring Framework and Spring LDAP 1.2.1 for LDAP access.

According to our LDAP administrator, it is not possible to find out programmatically, if a specific user is locked out in the directory - the user is just not returned. This makes life difficult for me, as I need to identify locked out users.

Is our administrator right, or is it possible somehow to find out, if a particular user is locked out? If yes, how?

+2 A:

I'll answer myself: turns out there is an attribute nsaccountlock, which can be used for this purpose. Binding with the locked out user is not possible, but searching is.

2008-11-11 14:16:26

+1 A:

the passwordretryount attribute also suggests if an account is locked or not. Typically, the LDAP is configured to allow up to 3 login attempts. If all 3 attempts failed, the paswordretrycount will be set to 3. Having a value of 0 means the account is not locked.

getty 2010-04-18 11:19:33

ansaurus

tags:

views:

answers:

Finding out if LDAP user in Sun Directory Server 5.2 is locked out, in Java

related questions