Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: °Bernz°
°Bernz° Author
User level: Level 1
84 points

Determining if a user is disabled in OD using LDAP query

Hello all,


I'm doing a LDAP query against my OD to make a web-based user directory. I'm using PHP and doing a LDAP search against 10.6 Server OD such as this:


$sr=ldap_search($ds, "cn=users,dc=my_server,dc=private", "(CN=*)");


The search is working perfectly, and I'm getting an array result with multiple key/values such as:


  • objectclass
  • uidnumber
  • apple-generateduid
  • apple-mcxflags
  • loginshell
  • etc.......


Since it's a listing of active employees, I want to identify deactivated ones and filter them out of my listing. However, I can't see any key/values that could tell me if a user is deactivated or not.


What would be the best way? Must I run a command line to see if a user is disabled, and if so, what command? (However, this would be poor on performance...)


Thanks.

Posted on Aug 17, 2012 5:50 AM

Reply
Question marked as Best reply
User profile for user: Strontium90
Strontium90
User level: Level 5
4,803 points

Posted on Aug 19, 2012 6:31 AM

I looked into this ages ago here:


https://discussions.apple.com/thread/1392481?answerId=6595575022#6595575022


This information was relevant back in 10.4 which was post NetInfo. All things being equal, this is likely still the case. However, this may have changed and I apologize in advance for not validating.

View in context
1 reply

Determining if a user is disabled in OD using LDAP query

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up