Language and Page Formatting Options
Chapter 18. Re-enabling accounts that reached the inactivity limit
If Directory Server inactivated an account because it reached the inactivity limit, an administrator can re-enable the account.
18.1. Re-enabling accounts inactivated by the Account Policy plug-in
You can re-enable accounts using the
dsconf account unlock command or by manually updating the
lastLoginTime attribute of the inactivated user.
- An inactivated user account.
Reactivate the account using one of the following methods:
dsconf account unlockcommand:
dsidm -D "cn=Directory manager" ldap://server.example.com -b "dc=example,dc=com" account unlock "uid=example,ou=People,dc=example,dc=com"
By setting the
lastLoginTimeattribute of the user to a recent time stamp:
ldapmodify -H ldap://server.example.com -x -D "cn=Directory Manager" -Wdn: uid=example,ou=People,dc=example,dc=com changetype: modify replace: lastLoginTime lastLoginTime: 20210901000000Z
Authenticate as the user that you have reactivated. For example, perform a search:
ldapsearch -H ldap://server.example.com -x -D "uid=example,ou=People,dc=example,dc=com" -W -b "dc=example,dc=com -s base"
If the user can successfully authenticate, the account was reactivated.