<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
The account usability [supportedControl] provides a pair of request and response controls that can be used to determine whether a user account may be used for authenticating to the server.

The request control has an [OID] of [1.3.6.1.4.1.42.2.27.9.5.8] and does not include a value.  It should only be included in [search request|SearchRequest] messages.

The corresponding response control has an OID of [1.3.6.1.4.1.42.2.27.9.5.8] (the same as the request control), and it will be included in any search result entry messages for a search request that includes the account usability request control.

The value for the account usability response control will be encoded as follows:

{{{ACCOUNT_USABLE_RESPONSE ::= CHOICE {
     is_available           [0] INTEGER, -- Seconds before expiration --
     is_not_available       [1] MORE_INFO }

MORE_INFO ::= SEQUENCE {
     inactive               [0] BOOLEAN DEFAULT FALSE,
     reset                  [1] BOOLEAN DEFAULT FALSE,
     expired                [2] BOOLEAN DEFAULT_FALSE,
     remaining_grace        [3] INTEGER OPTIONAL,
     seconds_before_unlock  [4] INTEGER OPTIONAL } }}}

If the user account is available:
* then the control will include the number of [seconds] until the user's [password] expires, or -1 if password expiration is not enabled.  
If the user's account is not available:
* then the control will provide the reason it is unavailable.

!! [Example] 
To Search Using the Account Usability Request Control

You can specify the Account Usability Request Control with ldapsearch in the following ways:
* OID. Use the --control or -J option with the Account Usability Request Control OID: 1.3.6.1.4.1.42.2.27.9.5.8 with no value.
* Named constant. Use a named constant, accountusable or accountusability, with the --control or -J option, instead of using the Account Usability Request Control OID. For example, use -J accountusable or -J accountusability with the ldapsearch command.

[Example] using the ldapsearch command with the --control option or its short form -J:
%%prettify 
{{{
$ ldapsearch -h localhost -p 1389 -b &quot;dc=example,dc=com&quot; --searchScope sub -J &quot;accountusability:true&quot; &quot;(objectclass=*)&quot;
# Account Usability Response Control
# The account is usable
dn: dc=example,dc=com
objectClass: domain
objectClass: top
dc: example
}}} /%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>