Access and alter password policy state properties for user entries.
manage-account get-all --hostname server.example.com --port 389 \
--bindDN uid=admin,dc=example,dc=com --bindPassword password \
--targetDN uid=jdoe,ou=People,dc=example,dc=com
manage-account set-account-is-disabled --hostname server.example.com --port 389 \
--bindDN uid=admin,dc=example,dc=com --bindPassword password \
--targetDN uid=jdoe,ou=People,dc=example,dc=com --operationValue true
manage-account set-account-is-disabled --hostname server.example.com --port 389 \
--bindDN uid=admin,dc=example,dc=com --bindPassword password \
--dnInputFile dn-input-file.txt --operationValue true
Clear account disabled state information from the user account
Display when the user account will expire
Display information about whether the user account has been administratively disabled
Display all password policy state information for the user
Display the authentication failure times for the user
Display the grace login use times for the user
Determine whether the user has a valid retired password that may be used for authentication
Display the time that the user last authenticated to the server
Display the required password change time with which the user last complied
Display the time that the user's password was last changed
Display the time that the user first received an expiration warning notice
Display password history state values for the user
Display information about whether the user will be required to change his or her password on the next successful authentication
Display the DN of the password policy for the user
Get the time the user's former password was retired
Display the number of remaining authentication failures until the user's account is locked
Display the number of grace logins remaining for the user
Get the time the user's retired password will expire
Display the length of time in seconds until the user account expires
Display the length of time in seconds until the authentication failure lockout expires
Display the length of time in seconds until the user's account is locked because it has remained idle for too long
Display length of time in seconds until the user's password expires
Display the length of time in seconds until the user should start receiving password expiration warning notices
Display the length of time in seconds until the user's account is locked because the user failed to change the password in a timely manner after an administrative reset
Display the length of time in seconds that the user has to change his or her password before the account becomes locked
Purge any retired password from the user's entry
Specify whether the user account has been administratively disabled
-O {true|false}
--operationValue {true|false}
| Description | Enter 'true' to indicate that the account is disabled, or 'false' to indicate that it is not disabled |
| Allowed Values |
false true |
| Required | Yes |
| Multi-Valued | No |
-V
--version
| Description | Display Data Store version information |
-H
--help
| Description | Display general usage information |
--help-ldap
| Description | Display help for using LDAP options |
--help-sasl
| Description | Display help for using SASL options |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
-h {host}
--hostname {host}
| Description | Data Store hostname or IP address |
| Default Value | 127.0.0.1 |
| Required | No |
| Multi-Valued | No |
-p {port}
--port {port}
| Description | Data Store port number |
| Lower Bound | 1 |
| Upper Bound | 65535 |
| Default Value | 389 |
| Required | No |
| Multi-Valued | No |
-Z
--useSSL
| Description | Use SSL for secure communication with the server |
-q
--useStartTLS
| Description | Use StartTLS to secure communication with the server |
-D {bindDN}
--bindDN {bindDN}
| Description | The DN used to bind to the server |
| Required | No |
| Multi-Valued | No |
-w {bindPassword}
--bindPassword {bindPassword}
| Description | The password used to bind to the server |
| Required | No |
| Multi-Valued | No |
-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}
| Description | The path to the file containing the bind password |
| Required | No |
| Multi-Valued | No |
-b {targetDN}
--targetDN {targetDN}
| Description | The DN of the user entry for which to get and set password policy state information |
| Required | No |
| Multi-Valued | No |
-o {name=value}
--saslOption {name=value}
| Description | SASL bind options |
| Required | No |
| Multi-Valued | Yes |
-X
--trustAll
| Description | Trust all server SSL certificates |
-K {keystorePath}
--keyStorePath {keystorePath}
| Description | Certificate keystore path |
| Required | No |
| Multi-Valued | No |
-W {keystorePassword}
--keyStorePassword {keystorePassword}
| Description | Certificate keystore PIN |
| Required | No |
| Multi-Valued | No |
-u {keystorePasswordFile}
--keyStorePasswordFile {keystorePasswordFile}
| Description | Certificate keystore PIN file |
| Required | No |
| Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
| Description | Nickname of the certificate for SSL client authentication |
| Required | No |
| Multi-Valued | No |
-P {truststorePath}
--trustStorePath {truststorePath}
| Description | Certificate truststore path |
| Required | No |
| Multi-Valued | No |
-T {truststorePassword}
--trustStorePassword {truststorePassword}
| Description | Certificate truststore PIN |
| Required | No |
| Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
| Description | Certificate truststore PIN file |
| Required | No |
| Multi-Valued | No |
--dnInputFile {dnInputFile}
| Description | Path to an input file of DNs for use with this tool |
| Required | No |
| Multi-Valued | No |
--help-subcommands
| Description | Display all available subcommands for use with this tool |