Hello,
I've written a rather nice and comprehensive PHP-based frontend for OSX server, however one issue I have is that I can only check whether a user is enabled or disabled one at a time, and only by calling into the server as root and issuing the below command (in this example to check mdavid) and then parsing the line to check if isDisabled=1 (locked) or =0 (unlocked).
pwpolicy -a diradmin -p <diradmin pw> -u mdavid -getpolicy
However, this means in my web user list, I will always list everyone (we have over 2,000 disabled users on our mail server) and on top of that won't be able to show status at least without doing many, many commands.
In best case, I'd be able to get this information from LDAP. I saw in the Apple Open Directory Admin 10.5 2nd Edition manual that there's some attribute called apple-user-passwordpolicy ... but I can't find it anywhere in LDAP! Do I have to do something special to enable this?
Failing that, under linux, the command "passwd -a -S" prints a list of all users and a code P/L (L is locked) as well as pwd expiration data. This style of using one command to get the status for everyone would also be sufficient.
Anyone have any ideas? Any help would be greatly appreciated.
Thanks,
Michael
I've written a rather nice and comprehensive PHP-based frontend for OSX server, however one issue I have is that I can only check whether a user is enabled or disabled one at a time, and only by calling into the server as root and issuing the below command (in this example to check mdavid) and then parsing the line to check if isDisabled=1 (locked) or =0 (unlocked).
pwpolicy -a diradmin -p <diradmin pw> -u mdavid -getpolicy
However, this means in my web user list, I will always list everyone (we have over 2,000 disabled users on our mail server) and on top of that won't be able to show status at least without doing many, many commands.
In best case, I'd be able to get this information from LDAP. I saw in the Apple Open Directory Admin 10.5 2nd Edition manual that there's some attribute called apple-user-passwordpolicy ... but I can't find it anywhere in LDAP! Do I have to do something special to enable this?
Failing that, under linux, the command "passwd -a -S" prints a list of all users and a code P/L (L is locked) as well as pwd expiration data. This style of using one command to get the status for everyone would also be sufficient.
Anyone have any ideas? Any help would be greatly appreciated.
Thanks,
Michael
