Overview[1] #
PwdAccountLockedTime is defined in Draft-behera-ldap-password-policy as attribute holds the time that the user's account was locked.A locked account means that the password may no longer be used to authenticate.
- A 000001010000Z value means that the account has been Administratively Disabled, and that only a password administrator can unlock the account.
- other values indicate the Timestampthat the user's account was locked by Intruder Detection
LDAP Attribute Definition#
The PwdAccountLockedTime AttributeTypes is defined as:- OID of 1.3.6.1.4.1.42.2.27.8.1.17
- NAME: PwdAccountLockedTime
- DESC: 'The time an user account was locked'
- OBSOLETE flag (only if present)
- Supertype:
- (only if present)
- EQUALITY: GeneralizedTimeMatch
- ORDERING: GeneralizedTimeOrderingMatch
- SYNTAX: 1.3.6.1.4.1.1466.115.121.1.24
- SINGLE-VALUE
- NO-USER-MODIFICATION
- USAGE: UserApplications
- Extended Flags:
- Used as MUST in:
- Used as MAY in:
EDirectory#
PwdAccountLockedTime, For EDirectory, is cleared upon a successful login following an Intruder Detection.More Information #
There might be more information for this subject on one of the following:- 1.3.6.1.4.1.42.2.27.8.1.17
- 2.16.840.1.113719.1.1.6.1.33
- Administratively Disabled
- Draft-behera-ldap-password-policy
- Locked Account Check
- Locked By Intruder
- NdsLoginProperties
- NspmPasswordAux
- Password Policy State Information
- SCIM Password Management Extension