2011-2012ForgeRock AS manage-account1 OpenDJ manage-account manage state of directory server accounts manage-account subcommand options This utility can be used to retrieve and manipulate the values of password policy state variables. The following subcommands are supported. manage-account clear-account-is-disabled Clear account disabled state information from the user account manage-account get-account-expiration-time Display when the user account will expire manage-account get-account-is-disabled Display information about whether the user account has been administratively disabled manage-account get-all Display all password policy state information for the user manage-account get-authentication-failure-times Display the authentication failure times for the user manage-account get-grace-login-use-times Display the grace login use times for the user manage-account get-last-login-time Display the time that the user last authenticated to the server manage-account get-password-changed-by-required-time Display the required password change time with which the user last complied manage-account get-password-changed-time Display the time that the user's password was last changed manage-account get-password-expiration-warned-time Display the time that the user first received an expiration warning notice manage-account get-password-history Display password history state values for the user manage-account get-password-is-reset Display information about whether the user will be required to change his or her password on the next successful authentication manage-account get-password-policy-dn Display the DN of the password policy for the user manage-account get-remaining-authentication-failure-count Display the number of remaining authentication failures until the user's account is locked manage-account get-remaining-grace-login-count Display the number of grace logins remaining for the user manage-account get-seconds-until-account-expiration Display the length of time in seconds until the user account expires manage-account get-seconds-until-authentication-failure-unlock Display the length of time in seconds until the authentication failure lockout expires manage-account get-seconds-until-idle-lockout Display the length of time in seconds until user's account is locked because it has remained idle for too long manage-account get-seconds-until-password-expiration Display length of time in seconds until the user's password expires manage-account get-seconds-until-password-expiration-warning Display the length of time in seconds until the user should start receiving password expiration warning notices manage-account get-seconds-until-password-reset-lockout Display the length of time in seconds until user's account is locked because the user failed to change the password in a timely manner after an administrative reset manage-account get-seconds-until-required-change-time Display the length of time in seconds that the user has remaining to change his or her password before the account becomes locked due to the required change time manage-account set-account-is-disabled Specify whether the user account has been administratively disabled The following global options are supported. -b, --targetDN {targetDN} The DN of the user entry for which to get and set password policy state information -D, --bindDN {bindDN} DN to use to bind to the server Default value: cn=Directory Manager -h, --hostname {host} Directory server hostname or IP address Default value: localhost.localdomain -j, --bindPasswordFile {bindPasswordFile} Bind password file -K, --keyStorePath {keyStorePath} Certificate key store path -N, --certNickname {nickname} Nickname of certificate for SSL client authentication -o, --saslOption {name=value} SASL bind options -p, --port {port} Directory server administration port number Default value: 4444 -P, --trustStorePath {trustStorePath} Certificate trust store path -T, --trustStorePassword {trustStorePassword} Certificate trust store PIN -u, --keyStorePasswordFile {keyStorePasswordFile} Certificate key store PIN file -U, --trustStorePasswordFile {path} Certificate trust store PIN file -w, --bindPassword {bindPassword} Password to use to bind to the server Use -w - to have the command prompt for the password, rather than enter the password on the command line. -W, --keyStorePassword {keyStorePassword} Certificate key store PIN -X, --trustAll Trust all server SSL certificates -V, --version Display version information -?, -H, --help Display usage information 0 The command completed successfully. 89 An error occurred while parsing the command-line arguments. For the following examples, the directory admin user, Kirsten Vaughan, has ds-privilege-name: password-reset, and the following ACI on ou=People,dc=example,dc=com. (target="ldap:///ou=People,dc=example,dc=com") (targetattr ="*||+")( version 3.0;acl "Admins can run amok"; allow(all) groupdn = "ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";) The following command locks a user account. $ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" -w bribery set-account-is-disabled -O true -b uid=bjensen,ou=people,dc=example,dc=com -X Account Is Disabled: true The following command unlocks a user account. $ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" -w bribery clear-account-is-disabled -b uid=bjensen,ou=people,dc=example,dc=com -X Account Is Disabled: false