Chapter 6. Re-enabling accounts that reached the inactivity limit
If Directory Server inactivated an account because it reached the inactivity limit, an administrator can re-enable the account.
6.1. Re-enabling accounts inactivated by the Account Policy plug-in
You can re-enable accounts using the dsconf account unlock
command or by manually updating the lastLoginTime
attribute of the inactivated user.
Prerequisites
- An inactivated user account.
Procedure
Reactivate the account using one of the following methods:
Using the
dsconf account unlock
command:#
dsidm -D "cn=Directory manager" ldap://server.example.com -b "dc=example,dc=com" account unlock "uid=example,ou=People,dc=example,dc=com"
By setting the
lastLoginTime
attribute of the user to a recent time stamp:#
ldapmodify -H ldap://server.example.com -x -D "cn=Directory Manager" -W
dn: uid=example,ou=People,dc=example,dc=com changetype: modify replace: lastLoginTime lastLoginTime: 20210901000000Z
Verification
Authenticate as the user that you have reactivated. For example, perform a search:
#
ldapsearch -H ldap://server.example.com -x -D "uid=example,ou=People,dc=example,dc=com" -W -b "dc=example,dc=com -s base"
If the user can successfully authenticate, the account was reactivated.