Access and alter password policy state properties for user entries.
manage-account get-all --hostname server.example.com --port 389 \
--bindDN uid=admin,dc=example,dc=com --bindPassword password \
--targetDN uid=jdoe,ou=People,dc=example,dc=com
manage-account set-account-is-disabled --hostname server.example.com --port 389 \
--bindDN uid=admin,dc=example,dc=com --bindPassword password \
--targetDN uid=jdoe,ou=People,dc=example,dc=com --operationValue true
Clear account disabled state information from the user account
Display when the user account will expire
Display information about whether the user account has been administratively disabled
Display all password policy state information for the user
Display the authentication failure times for the user
Display the grace login use times for the user
Display the time that the user last authenticated to the server
Display the required password change time with which the user last complied
Display the time that the user's password was last changed
Display the time that the user first received an expiration warning notice
Display password history state values for the user
Display information about whether the user will be required to change his or her password on the next successful authentication
Display the DN of the password policy for the user
Display the number of remaining authentication failures until the user's account is locked
Display the number of grace logins remaining for the user
Display the length of time in seconds until the user account expires
Display the length of time in seconds until the authentication failure lockout expires
Display the length of time in seconds until the user's account is locked because it has remained idle for too long
Display length of time in seconds until the user's password expires
Display the length of time in seconds until the user should start receiving password expiration warning notices
Display the length of time in seconds until the user's account is locked because the user failed to change the password in a timely manner after an administrative reset
Display the length of time in seconds that the user has to change his or her password before the account becomes locked
Specify whether the user account has been administratively disabled
-O {true|false}
--operationValue {true|false}
| Description | Enter 'true' to indicate that the account is disabled, or 'false' to indicate that it is not disabled |
| Allowed Values |
true false |
| Required | Yes |
| Multi-Valued | No |
-V
--version
| Description | Display Directory Server version information |
-H
--help
| Description | Display general usage information |
--help-ldap
| Description | Display help for using LDAP options |
--help-sasl
| Description | Display help for using SASL options |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
-h {host}
--hostname {host}
| Description | Directory Server hostname or IP address |
| Default Value | 127.0.0.1 |
| Required | No |
| Multi-Valued | No |
-p {port}
--port {port}
| Description | Directory Server port number |
| Lower Bound | 1 |
| Upper Bound | 65535 |
| Default Value | 389 |
| Required | No |
| Multi-Valued | No |
-Z
--useSSL
| Description | Use SSL for secure communication with the server |
-q
--useStartTLS
| Description | Use StartTLS to secure communication with the server |
-D {bindDN}
--bindDN {bindDN}
| Description | The DN used to bind to the server |
| Required | No |
| Multi-Valued | No |
-w {bindPassword}
--bindPassword {bindPassword}
| Description | The password used to bind to the server |
| Required | No |
| Multi-Valued | No |
-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}
| Description | The path to the file containing the bind password |
| Required | No |
| Multi-Valued | No |
-b {targetDN}
--targetDN {targetDN}
| Description | The DN of the user entry for which to get and set password policy state information |
| Required | Yes |
| Multi-Valued | No |
-o {name=value}
--saslOption {name=value}
| Description | SASL bind options |
| Required | No |
| Multi-Valued | Yes |
-X
--trustAll
| Description | Trust all server SSL certificates |
-K {keyStorePath}
--keyStorePath {keyStorePath}
| Description | Certificate key store path |
| Required | No |
| Multi-Valued | No |
-W {keyStorePassword}
--keyStorePassword {keyStorePassword}
| Description | Certificate key store PIN |
| Required | No |
| Multi-Valued | No |
-u {keyStorePasswordFile}
--keyStorePasswordFile {keyStorePasswordFile}
| Description | Certificate key store PIN file |
| Required | No |
| Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
| Description | Nickname of the certificate for SSL client authentication |
| Required | No |
| Multi-Valued | No |
-P {trustStorePath}
--trustStorePath {trustStorePath}
| Description | Certificate trust store path |
| Required | No |
| Multi-Valued | No |
-T {trustStorePassword}
--trustStorePassword {trustStorePassword}
| Description | Certificate trust store PIN |
| Required | No |
| Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
| Description | Certificate trust store PIN file |
| Required | No |
| Multi-Valued | No |
--help-subcommands
| Description | Display all available subcommands for use with this tool |