Koozali.org: home of the SME Server

LDAP Query

Offline Brave Dave

LDAP Query
« on: December 29, 2025, 05:33:00 AM »
A Question about LDAP

- I'm considering using Koozali SME Server as a primary authentication server
and
- I want to know if an account is locked

Using PHP from another machine, I can check if a user can log in by checking their LDAP - simple - works

Code:
if (@ldap_bind($ldap, $dn, $password)) return true;

if I do an ldap_search
- is there any entry which will tell me that the account is locked

i.e.
- go to user manager
- lock the account
- then, using ldap, can I tell if the account is locked

(it looks to me like the answer is no)

thanks in advance
.:DB:.

Offline bunkobugsy

Re: LDAP Query
« Reply #1 on: December 29, 2025, 10:22:54 AM »
No, I don't seem to see any difference with LdapAdmin either.
If an account has never had a password set it's missing displayName attribute and sambaSamAccount objectClass.
But your only goal should be https://wiki.koozali.org/LDAP_Authentication_for_applications

Offline Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: LDAP Query
« Reply #2 on: December 31, 2025, 08:27:03 PM »
A user is locked by setting this, so search if the user has userPassword equal to {crypt}!*

but you might need privileges to do so.

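Code:
# Locks the account by overwriting userPassword with the marker {crypt}!*
# and returns the LDAP result code of the modify operation.
sub ldaplockuser {
  my $self = shift;
  my $userName = shift;
  my $base = $self->base;
  my $result = $self->modify("uid=$userName,ou=Users,$base",
               replace => { 'userPassword' => "{crypt}!*"});
  return $result->code;
}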
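
The check described in Reply #2, as an added example that is not part of the original posts or of SME Server's own code: a PHP lookup that reads userPassword over a connection already bound with an account allowed to read it, and compares the value to the {crypt}!* marker. The function names, sample DNs and sample hash are assumptions made for illustration.

```php
<?php
// Added example, not SME Server code. LOCK_MARKER is the value written by
// the ldaplockuser routine quoted in this thread.
const LOCK_MARKER = '{crypt}!*';

// Pure check on one entry in ldap_get_entries() layout: attribute names
// are lowercased and each value list carries a 'count' key.
function is_locked_entry(array $entry): bool
{
    $values = $entry['userpassword'] ?? [];
    unset($values['count']);
    return in_array(LOCK_MARKER, $values, true);
}

// Lookup over an already-bound connection. Returns true (locked), false
// (not locked) or null when the entry or its userPassword is not visible,
// which is what a bind DN without read access to the attribute gets back.
function account_lock_state($ldap, string $base, string $uid): ?bool
{
    // Escape the uid so user input cannot alter the search filter.
    $filter = '(uid=' . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . ')';
    $sr = @ldap_search($ldap, "ou=Users,$base", $filter, ['userPassword']);
    if ($sr === false) {
        return null;
    }
    $entries = ldap_get_entries($ldap, $sr);
    if ($entries === false || $entries['count'] !== 1) {
        return null;
    }
    if (!isset($entries[0]['userpassword'])) {
        return null;
    }
    return is_locked_entry($entries[0]);
}

// Constructed sample entries (hypothetical DNs and hash), so this part
// runs without a directory server.
$samples = [
    'locked' => ['dn' => 'uid=alice,ou=Users,dc=example,dc=com',
                 'userpassword' => ['count' => 1, 0 => '{crypt}!*']],
    'active' => ['dn' => 'uid=bob,ou=Users,dc=example,dc=com',
                 'userpassword' => ['count' => 1, 0 => '{crypt}$6$salt$hash']],
];
foreach ($samples as $label => $entry) {
    printf("%-6s locked=%s\n", $label, var_export(is_locked_entry($entry), true));
}
```

A null result from account_lock_state() should be treated as "unknown" rather than "not locked", since a missing userPassword attribute usually means the bind DN lacks read access to it.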


Offline Brave Dave

Re: LDAP Query
« Reply #3 on: January 01, 2026, 04:12:45 AM »
Thanks bunkobugsy and Jean-Philippe Pialasse

I'll try that search
.:DB:.