Directory Services 7.4.3

manage-account

manage-account — manage state of OpenDJ server accounts

Synopsis

manage-account {subcommand} {options}

Description

This utility can be used to retrieve and manipulate the values of password policy state variables.

Options

The manage-account command takes the following options:

Command options:

-b | --targetDn {targetDN}

The DN of the user entry for which to get and set password policy state information.

LDAP connection options:

--connectTimeout {timeout}

Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. Default: 30000

-D | --bindDn {bindDN}

DN to use to bind to the server. Default: uid=admin

-E | --reportAuthzId

Use the authorization identity control. Default: false

-h | --hostname {host}

Fully-qualified server host name or IP address. Default: localhost.localdomain

-N | --certNickname {nickname}

Nickname of the certificate that should be sent to the server for SSL client authentication.

-o | --saslOption {name=value}

SASL bind options.

-p | --port {port}

Directory server administration port number.

--providerArg {argument}

Configuration argument for the PKCS#11 provider.

--providerClass {class}

Full class name of the PKCS#11 provider.

--providerName {name}

Name of the PKCS#11 provider.

-T | --trustStorePassword[:env|:file] {trustStorePassword}

Truststore password which will be used as the cleartext configuration value.

--useJavaKeyStore {keyStorePath}

JKS keystore containing the certificate which should be used for SSL client authentication.

--useJavaTrustStore {trustStorePath}

Use a JKS truststore file for validating server certificate.

--useJceKeyStore {keyStorePath}

JCEKS keystore containing the certificate which should be used for SSL client authentication.

--useJceTrustStore {trustStorePath}

Use a JCEKS truststore file for validating server certificate.

--useJvmTrustStore

Use the JVM truststore for validating server certificate. Default: false

--usePasswordPolicyControl

Use the password policy request control. Default: false

--usePkcs11KeyStore

PKCS#11 keystore containing the certificate which should be used for SSL client authentication. Default: false

--usePkcs12KeyStore {keyStorePath}

PKCS#12 keystore containing the certificate which should be used for SSL client authentication.

--usePkcs12TrustStore {trustStorePath}

Use a PKCS#12 truststore file for validating server certificate.

-w | --bindPassword[:env|:file] {bindPassword}

Password to use to bind to the server. Omit this option while providing the bind DN to ensure that the command prompts for the password, rather than entering the password as a command argument.

-W | --keyStorePassword[:env|:file] {keyStorePassword}

Keystore password which will be used as the cleartext configuration value.

-X | --trustAll

Trust all server SSL certificates. Default: false

Utility input/output options:

-n | --no-prompt

Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. Default: false

-v | --verbose

Use verbose mode. Default: false

General options:

-V | --version

Display Directory Server version information. Default: false

-H | --help

Display this usage information. Default: false

Subcommands

The manage-account command supports the following subcommands:

manage-account add-authentication-failure-time

manage-account add-authentication-failure-time {options}

Add an authentication failure time to the user account. This should be used only for testing purposes.

Options

In addition to the global manage-account options, the manage-account add-authentication-failure-time subcommand takes the following options:

-O | --operationValue {time}

A timestamp value using the generalized time syntax. Multiple timestamp values may be given by providing this argument multiple times.

manage-account add-grace-login-use-time

manage-account add-grace-login-use-time {options}

Add a grace login use time to the user account. This should be used only for testing purposes.

Options

In addition to the global manage-account options, the manage-account add-grace-login-use-time subcommand takes the following options:

-O | --operationValue {time}

A timestamp value using the generalized time syntax. Multiple timestamp values may be given by providing this argument multiple times.

manage-account clear-account-expiration-time

manage-account clear-account-expiration-time

Clear account expiration time information from the user account.

manage-account clear-account-is-disabled

manage-account clear-account-is-disabled

Clear account disabled state information from the user account.

manage-account clear-authentication-failure-times

manage-account clear-authentication-failure-times

Clear authentication failure time information from the user’s account. This should be used only for testing purposes.

manage-account clear-grace-login-use-times

manage-account clear-grace-login-use-times

Clear the set of grace login use times for the user. This should be used only for testing purposes.

manage-account clear-last-login-time

manage-account clear-last-login-time

Clear the time that the user last authenticated to the server. This should be used only for testing purposes.

manage-account clear-password-changed-by-required-time

manage-account clear-password-changed-by-required-time

Clear information about the required password change time with which the user last complied. This should be used only for testing purposes.

manage-account clear-password-changed-time

manage-account clear-password-changed-time

Clear information about the time that the user’s password was last changed. This should be used only for testing purposes.

manage-account clear-password-expiration-warned-time

manage-account clear-password-expiration-warned-time

Clear information about the time that the user first received an expiration warning notice. This should be used only for testing purposes.

manage-account clear-password-history

manage-account clear-password-history

Clear password history state values for the user. This should be used only for testing purposes.

manage-account clear-password-is-reset

manage-account clear-password-is-reset

Clear information about whether the user will be required to change his or her password on the next successful authentication. This should be used only for testing purposes.

manage-account get-account-expiration-time

manage-account get-account-expiration-time

Display when the user account will expire.

manage-account get-account-is-disabled

manage-account get-account-is-disabled

Display information about whether the user account has been administratively disabled.

manage-account get-all

manage-account get-all

Display all password policy state information for the user.

manage-account get-authentication-failure-times

manage-account get-authentication-failure-times

Display the authentication failure times for the user.

manage-account get-grace-login-use-times

manage-account get-grace-login-use-times

Display the grace login use times for the user.

manage-account get-last-login-time

manage-account get-last-login-time

Display the time that the user last authenticated to the server.

manage-account get-password-changed-by-required-time

manage-account get-password-changed-by-required-time

Display the required password change time with which the user last complied.

manage-account get-password-changed-time

manage-account get-password-changed-time

Display the time that the user’s password was last changed.

manage-account get-password-expiration-warned-time

manage-account get-password-expiration-warned-time

Display the time that the user first received an expiration warning notice.

manage-account get-password-is-reset

manage-account get-password-is-reset

Display information about whether the user will be required to change his or her password on the next successful authentication.

manage-account get-password-policy-dn

manage-account get-password-policy-dn

Display the DN of the password policy for the user.

manage-account get-remaining-authentication-failure-count

manage-account get-remaining-authentication-failure-count

Display the number of remaining authentication failures until the user’s account is locked.

manage-account get-remaining-grace-login-count

manage-account get-remaining-grace-login-count

Display the number of grace logins remaining for the user.

manage-account get-seconds-until-account-expiration

manage-account get-seconds-until-account-expiration

Display the length of time in seconds until the user account expires.

manage-account get-seconds-until-authentication-failure-unlock

manage-account get-seconds-until-authentication-failure-unlock

Display the length of time in seconds until the authentication failure lockout expires.

manage-account get-seconds-until-idle-lockout

manage-account get-seconds-until-idle-lockout

Display the length of time in seconds until user’s account is locked because it has remained idle for too long.

manage-account get-seconds-until-password-expiration

manage-account get-seconds-until-password-expiration

Display length of time in seconds until the user’s password expires.

manage-account get-seconds-until-password-expiration-warning

manage-account get-seconds-until-password-expiration-warning

Display the length of time in seconds until the user should start receiving password expiration warning notices.

manage-account get-seconds-until-password-reset-lockout

manage-account get-seconds-until-password-reset-lockout

Display the length of time in seconds until user’s account is locked because the user failed to change the password in a timely manner after an administrative reset.

manage-account get-seconds-until-required-change-time

manage-account get-seconds-until-required-change-time

Display the length of time in seconds that the user has remaining to change his or her password before the account becomes locked due to the required change time.

manage-account set-account-expiration-time

manage-account set-account-expiration-time {options}

Specify when the user account will expire.

Options

In addition to the global manage-account options, the manage-account set-account-expiration-time subcommand takes the following options:

-O | --operationValue {time}

A timestamp value using the generalized time syntax.

manage-account set-account-is-disabled

manage-account set-account-is-disabled {options}

Specify whether the user account has been administratively disabled.

Options

In addition to the global manage-account options, the manage-account set-account-is-disabled subcommand takes the following options:

-O | --operationValue {true|false}

'true' to indicate that the account is disabled, or 'false' to indicate that it is not disabled.

manage-account set-authentication-failure-times

manage-account set-authentication-failure-times {options}

Specify the authentication failure times for the user. This should be used only for testing purposes.

Options

In addition to the global manage-account options, the manage-account set-authentication-failure-times subcommand takes the following options:

-O | --operationValue {time}

A timestamp value using the generalized time syntax. Multiple timestamp values may be given by providing this argument multiple times.

manage-account set-grace-login-use-times

manage-account set-grace-login-use-times {options}

Specify the grace login use times for the user. This should be used only for testing purposes.

Options

In addition to the global manage-account options, the manage-account set-grace-login-use-times subcommand takes the following options:

-O | --operationValue {time}

A timestamp value using the generalized time syntax. Multiple timestamp values may be given by providing this argument multiple times.

manage-account set-last-login-time

manage-account set-last-login-time {options}

Specify the time that the user last authenticated to the server. This should be used only for testing purposes.

Options

In addition to the global manage-account options, the manage-account set-last-login-time subcommand takes the following options:

-O | --operationValue {time}

A timestamp value using the generalized time syntax.

manage-account set-password-changed-by-required-time

manage-account set-password-changed-by-required-time {options}

Specify the required password change time with which the user last complied. This should be used only for testing purposes.

Options

In addition to the global manage-account options, the manage-account set-password-changed-by-required-time subcommand takes the following options:

-O | --operationValue {time}

A timestamp value using the generalized time syntax.

manage-account set-password-changed-time

manage-account set-password-changed-time {options}

Specify the time that the user’s password was last changed. This should be used only for testing purposes.

Options

In addition to the global manage-account options, the manage-account set-password-changed-time subcommand takes the following options:

-O | --operationValue {time}

A timestamp value using the generalized time syntax.

manage-account set-password-expiration-warned-time

manage-account set-password-expiration-warned-time {options}

Specify the time that the user first received an expiration warning notice. This should be used only for testing purposes.

Options

In addition to the global manage-account options, the manage-account set-password-expiration-warned-time subcommand takes the following options:

-O | --operationValue {time}

A timestamp value using the generalized time syntax.

manage-account set-password-is-reset

manage-account set-password-is-reset {options}

Specify whether the user will be required to change his or her password on the next successful authentication. This should be used only for testing purposes.

Options

In addition to the global manage-account options, the manage-account set-password-is-reset subcommand takes the following options:

-O | --operationValue {true|false}

'true' to indicate that the account is disabled, or 'false' to indicate that it is not disabled.

Exit codes

0

The command completed successfully.

89

An error occurred while parsing the command-line arguments.