OSX Server - LDAP / pwpolicy - How to disable a account?
Hi.
For some reason, Apple is great at just changing the syntax or path of <insert random feature here>.
And thus, I'm having trouble disabling (not locking a account, that seems to work fine by setting pwdLastSet to 0) which should disable the user from logging in.
The reason being is that i'm creating a scenario where:
* User tries to login 3 times -> Gets locked out
* A script running in the background unlocks the account after 30min or so
In between or even after the system adminitrator has a neat button to disable accounts and it shouldn't just lock out the accounts because that would sort of defeat the purpose of the script and the whole locked-out mechanism but rather disable the account all togeather rendering the users account invalid for logins even if the correct password is supplied and the account is unlocked/never locked in the first place.
Is this possible? and where do i get & set this value because it sure isn't stored in the LDAP directory any longer (or wasn't even in the first place?).
Script language: PHP
(Note: I come from a Unix and some what Windows background and finding things in OSX is more confusing than not since 80% of the guides and documentation is obsolete if you even manage to find any on the interwebs, hence why i need help with even the basic stuff as figuring out how and where the mechanics are for different password/account parts)
Virtual and Some default server?-OTHER, OS X Server, PHP, Apache, OpenLDAP (?)