For some reason, Apple is great at just changing the syntax or path of <insert random feature here>.

And thus, I'm having trouble disabling an account (not locking an account, that seems to work fine by setting pwdLastSet to 0), which should disable the user from logging in.


The reason is that I'm creating a scenario where:


* User tries to log in 3 times -> Gets locked out

  * A script running in the background unlocks the account after 30min or so


In between, or even after, the system administrator has a neat button to disable accounts, and it shouldn't just lock out the accounts, because that would sort of defeat the purpose of the script and the whole locked-out mechanism, but rather disable the account altogether, rendering the user's account invalid for logins even if the correct password is supplied and the account is unlocked/never locked in the first place.



Is this possible? And where do I get & set this value, because it sure isn't stored in the LDAP directory any longer (or wasn't even in the first place?).



Script language: PHP





(Note: I come from a Unix and somewhat Windows background, and finding things in OS X is more confusing than not since 80% of the guides and documentation are obsolete, if you even manage to find any on the interwebs, hence why I need help with even the basic stuff, such as figuring out how and where the mechanics are for different password/account parts.)

Virtual and Some default server?, OS X Server, PHP, Apache, OpenLDAP (?)