external-software/github_OpenIdentityPlatform_OpenDJ.git

			@@ -35,72 +35,333 @@
			</refmeta>
			<refnamediv>
			<refname>manage-account</refname>
			<refpurpose>TODO one-line description</refpurpose>
			<refpurpose>manage state of directory server accounts</refpurpose>
			</refnamediv>
			<refsynopsisdiv>
			<cmdsynopsis>
			<command>manage-account</command>
			<command><replaceable>subcommand</replaceable></command>
			<arg choice="opt">--options</arg>
			<arg choice="req">options</arg>
			</cmdsynopsis>
			</refsynopsisdiv>
			<refsect1>
			<title>Description</title>
			<para>TODO description.</para>
			<para>This utility can be used to retrieve and manipulate the values of
			password policy state variables.</para>
			</refsect1>
			<refsect1>
			<title>Subcommands</title>
			<para>The following subcommands are supported.</para>
			<variablelist>
			<varlistentry>
			<term><command>manage-account clear-account-is-disabled</command></term>
			<listitem>
			<para>Clear account disabled state information from the user account</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-account-expiration-time</command></term>
			<listitem>
			<para>Display when the user account will expire</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-account-is-disabled</command></term>
			<listitem>
			<para>Display information about whether the user account has been
			administratively disabled</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-all</command></term>
			<listitem>
			<para>Display all password policy state information for the user</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-authentication-failure-times</command></term>
			<listitem>
			<para>Display the authentication failure times for the user</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-grace-login-use-times</command></term>
			<listitem>
			<para>Display the grace login use times for the user</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-last-login-time</command></term>
			<listitem>
			<para>Display the time that the user last authenticated to the server</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-password-changed-by-required-time</command></term>
			<listitem>
			<para>Display the required password change time with which the user last
			complied</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-password-changed-time</command></term>
			<listitem>
			<para>Display the time that the user's password was last changed</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-password-expiration-warned-time</command></term>
			<listitem>
			<para>Display the time that the user first received an expiration warning
			notice</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-password-history</command></term>
			<listitem>
			<para>Display password history state values for the user</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-password-is-reset</command></term>
			<listitem>
			<para>Display information about whether the user will be required to
			change his or her password on the next successful authentication</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-password-policy-dn</command></term>
			<listitem>
			<para>Display the DN of the password policy for the user</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-remaining-authentication-failure-count</command></term>
			<listitem>
			<para>Display the number of remaining authentication failures until the
			user's account is locked</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-remaining-grace-login-count</command></term>
			<listitem>
			<para>Display the number of grace logins remaining for the user</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-seconds-until-account-expiration</command></term>
			<listitem>
			<para>Display the length of time in seconds until the user account
			expires</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-seconds-until-authentication-failure-unlock</command></term>
			<listitem>
			<para>Display the length of time in seconds until the authentication
			failure lockout expires</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-seconds-until-idle-lockout</command></term>
			<listitem>
			<para>Display the length of time in seconds until user's account is locked
			because it has remained idle for too long</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-seconds-until-password-expiration</command></term>
			<listitem>
			<para>Display length of time in seconds until the user's password expires</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-seconds-until-password-expiration-warning</command></term>
			<listitem>
			<para>Display the length of time in seconds until the user should start
			receiving password expiration warning notices</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-seconds-until-password-reset-lockout</command></term>
			<listitem>
			<para>Display the length of time in seconds until user's account is locked
			because the user failed to change the password in a timely manner after an
			administrative reset</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account get-seconds-until-required-change-time</command></term>
			<listitem>
			<para>Display the length of time in seconds that the user has remaining to
			change his or her password before the account becomes locked due to the
			required change time</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><command>manage-account set-account-is-disabled</command></term>
			<listitem>
			<para>Specify whether the user account has been administratively disabled</para>
			</listitem>
			</varlistentry>
			</variablelist>
			</refsect1>
			<refsect1>
			<title>Global Options</title>
			<para>The following global options are supported.</para>
			<variablelist>
			<varlistentry>
			<term><option>TODO</option></term>
			<term><option>-b, --targetDN {targetDN}</option></term>
			<listitem>
			<para>TODO Description.</para>
			<para>The DN of the user entry for which to get and set password policy
			state information</para>
			</listitem>
			</varlistentry>
			</variablelist>
			</refsect1>
			<refsect1>
			<title>Subcommands</title>
			<para>The following subcommands are supported.</para>
			<refsect2>
			<para>TODO Description.</para>
			<cmdsynopsis>
			<command>manage-account</command>
			<command>TODO</command>
			<arg choice="opt">--options</arg>
			</cmdsynopsis>
			<title>LDAP Connection Options</title>
			<variablelist>
			<varlistentry>
			<term><option>TODO</option></term>
			<term><option>-D, --bindDN {bindDN}</option></term>
			<listitem>
			<para>TODO description.</para>
			<para>DN to use to bind to the server</para>
			<para>Default value: cn=Directory Manager</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-h, --hostname {host}</option></term>
			<listitem>
			<para>Directory server hostname or IP address</para>
			<para>Default value: localhost.localdomain</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-j, --bindPasswordFile {bindPasswordFile}</option></term>
			<listitem>
			<para>Bind password file</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-K, --keyStorePath {keyStorePath}</option></term>
			<listitem>
			<para>Certificate key store path</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-N, --certNickname {nickname}</option></term>
			<listitem>
			<para>Nickname of certificate for SSL client authentication</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-o, --saslOption {name=value}</option></term>
			<listitem>
			<para>SASL bind options</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-p, --port {port}</option></term>
			<listitem>
			<para>Directory server administration port number</para>
			<para>Default value: 4444</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-P, --trustStorePath {trustStorePath}</option></term>
			<listitem>
			<para>Certificate trust store path</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-T, --trustStorePassword {trustStorePassword}</option></term>
			<listitem>
			<para>Certificate trust store PIN</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-u, --keyStorePasswordFile {keyStorePasswordFile}</option></term>
			<listitem>
			<para>Certificate key store PIN file</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-U, --trustStorePasswordFile {path}</option></term>
			<listitem>
			<para>Certificate trust store PIN file</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-w, --bindPassword {bindPassword}</option></term>
			<listitem>
			<para>Password to use to bind to the server</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-W, --keyStorePassword {keyStorePassword}</option></term>
			<listitem>
			<para>Certificate key store PIN</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-X, --trustAll</option></term>
			<listitem>
			<para>Trust all server SSL certificates</para>
			</listitem>
			</varlistentry>
			</variablelist>
			</refsect2>
			<refsect2>
			<title>General Options</title>
			<variablelist>
			<varlistentry>
			<term><option>-V, --version</option></term>
			<listitem>
			<para>Display version information</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><option>-?, -H, --help</option></term>
			<listitem>
			<para>Display usage information</para>
			</listitem>
			</varlistentry>
			</variablelist>
			</refsect2>
			</refsect1>
			<refsect1>
			<title>Files</title>
			<para>TODO if command has configuration file.</para>
			</refsect1>
			<refsect1>
			<title>Environment</title>
			<para>TODO if command reads environment variables.</para>
			</refsect1>
			<refsect1>
			<title>Exit Codes</title>
			<variablelist>
			<varlistentry>
			<term>TODO exit code</term>
			<term>0</term>
			<listitem>
			<para>TODO description.</para>
			<para>The command completed successfully.</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term>89</term>
			<listitem>
			<para>An error occurred while parsing the command-line arguments.</para>
			</listitem>
			</varlistentry>
			</variablelist>
			</refsect1>
			<refsect1>
			<title>Examples</title>
			<para>TODO</para>
			<para>For the following examples, the directory admin user, Kirsten Vaughan,
			has <literal>ds-privilege-name: password-reset</literal>, and the following
			ACI on <literal>ou=People,dc=example,dc=com</literal>.</para>
			<literallayout>(target="ldap:///ou=People,dc=example,dc=com") (targetattr ="*\|\|+")(
			version 3.0;acl "Admins can run amok"; allow(all) groupdn =
			"ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";)</literallayout>
			<para>The following command locks a user account.</para>
			<screen width="80">$ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
			> -w bribery set-account-is-disabled -O true \
			> -b uid=bjensen,ou=people,dc=example,dc=com -X
			Account Is Disabled: true</screen>
			<para>The following command unlocks a user account.</para>
			<screen width="80">$ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" \
			> -w bribery clear-account-is-disabled \
			> -b uid=bjensen,ou=people,dc=example,dc=com -X
			Account Is Disabled: false</screen>
			</refsect1>
			</refentry>