This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
The account usability [supportedControl] provides a pair of request and response controls that can be used to determine whether a user account may be used for authenticating to the server.
The request control has an [OID] of [1.3.6.1.4.1.42.2.27.9.5.8] and does not include a value. It should only be included in [search request|SearchRequest] messages.
The corresponding response control has an OID of [1.3.6.1.4.1.42.2.27.9.5.8] (the same as the request control), and it will be included in any search result entry messages for a search request that includes the account usability request control.
The value for the account usability response control will be encoded as follows:
{{{
ACCOUNT_USABLE_RESPONSE ::= CHOICE {
    is_available          [0] INTEGER, -- Seconds before expiration --
    is_not_available      [1] MORE_INFO }

MORE_INFO ::= SEQUENCE {
    inactive              [0] BOOLEAN DEFAULT FALSE,
    reset                 [1] BOOLEAN DEFAULT FALSE,
    expired               [2] BOOLEAN DEFAULT FALSE,
    remaining_grace       [3] INTEGER OPTIONAL,
    seconds_before_unlock [4] INTEGER OPTIONAL }
}}}
* If the user account is available, the control will include the number of [seconds] until the user's [password] expires, or -1 if password expiration is not enabled.
* If the user's account is not available, the control will provide the reason it is unavailable.
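The value layout above, decoded in Python as an added example (not part of the original page or of any server's code). It assumes IMPLICIT context-specific tags, the usual LDAP convention, which this page does not state; the function names and sample byte strings are constructed for illustration.

```python
# Added example. Assumption: IMPLICIT context-specific tags (the usual LDAP
# convention); the page itself does not state the tagging mode.
def read_tlv(buf, pos):
    # Return (tag, value_bytes, next_pos) for the BER TLV starting at pos.
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form is legal BER but not needed for a value this small
        raise ValueError("long-form length not supported")
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def ber_int(value):
    if not value:
        raise ValueError("empty INTEGER")
    return int.from_bytes(value, "big", signed=True)

MORE_INFO_TAGS = {0x80: "inactive", 0x81: "reset", 0x82: "expired",
                  0x83: "remaining_grace", 0x84: "seconds_before_unlock"}

def decode_account_usable(value):
    """Decode an ACCOUNT_USABLE_RESPONSE control value into a dict."""
    tag, body, end = read_tlv(value, 0)
    if end != len(value):
        raise ValueError("trailing bytes after control value")
    if tag == 0x80:  # is_available [0] INTEGER
        return {"usable": True, "seconds_before_expiration": ber_int(body)}
    if tag != 0xA1:  # is_not_available [1] MORE_INFO (constructed)
        raise ValueError("unexpected CHOICE tag 0x%02x" % tag)
    info = {"usable": False, "inactive": False, "reset": False, "expired": False,
            "remaining_grace": None, "seconds_before_unlock": None}
    pos = 0
    while pos < len(body):
        tag, field, pos = read_tlv(body, pos)
        if tag not in MORE_INFO_TAGS:
            raise ValueError("unexpected MORE_INFO tag 0x%02x" % tag)
        if tag <= 0x82:  # BOOLEAN: exactly one octet, non-zero means TRUE
            if len(field) != 1:
                raise ValueError("BOOLEAN must be one octet")
            info[MORE_INFO_TAGS[tag]] = field != b"\x00"
        else:  # remaining_grace / seconds_before_unlock
            info[MORE_INFO_TAGS[tag]] = ber_int(field)
    return info

# Constructed sample values, not captured from a server.
SAMPLE_USABLE = bytes.fromhex("80020e10")            # usable, 3600 s left
SAMPLE_LOCKED = bytes.fromhex("a1078001ff8402012c")  # inactive, unlock in 300 s
```

Pass in the raw value bytes of the response control (OID 1.3.6.1.4.1.42.2.27.9.5.8) as returned by your LDAP client library.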
!! [Example]
! To Search Using the Account Usability Request Control
You can specify the Account Usability Request Control with ldapsearch in the following ways:
* OID. Use the --control or -J option with the Account Usability Request Control OID: 1.3.6.1.4.1.42.2.27.9.5.8 with no value.
* Named constant. Use a named constant, accountusable or accountusability, with the --control or -J option, instead of using the Account Usability Request Control OID. For example, use -J accountusable or -J accountusability with the ldapsearch command.
[Example] using the ldapsearch command with the --control option or its short form -J:
%%prettify
{{{
$ ldapsearch -h localhost -p 1389 -b "dc=example,dc=com" --searchScope sub -J "accountusability:true" "(objectclass=*)"
# Account Usability Response Control
# The account is usable
dn: dc=example,dc=com
objectClass: domain
objectClass: top
dc: example
}}} /%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]