For some reason, Apple is great at just changing the syntax or path of (insert random feature here).
And thus, I'm having trouble disabling (not locking a account, that seems to work fine by setting pwdLastSet to 0) which should disable the user from logging in.
The reason being is that i'm creating a scenario where:
- User tries to login 3 times -> Gets locked out
- A script running in the background unlocks the account after 30min or so
In between or even after the system adminitrator has a neat button to disable accounts and it shouldn't just lock out the accounts because that would sort of defeat the purpose of the script and the whole locked-out mechanism but rather disable the account all togeather rendering the users account invalid for logins even if the correct password is supplied and the account is unlocked/never locked in the first place.
Is this possible? and where do i get & set this value because it sure isn't stored in the LDAP directory any longer (or wasn't even in the first place?).
Script language: PHP
OSX Server: 10.8
(Note: I come from a Unix and some what Windows background and finding things in OSX is more confusing than not since 80% of the guides and documentation is obsolete if you even manage to find any on the interwebs, hence why i need help with even the basic stuff as figuring out how and where the mechanics are for different password/account parts)
No comments:
Post a Comment