Question

I am accessing the HP-UX Directory Server through my Java code, to reset and unlock a locked-out user account in the directory server.

Here is my code for user account password reset.

// Requires: import javax.naming.directory.*;
openConnection(details);
loadUserInformation((String) details.get("END_USER_NAME"));
// Replace the password attribute on the loaded entry with the new value
ModificationItem[] mods = new ModificationItem[1];
Attribute mod0 = new BasicAttribute("userpassword", (String) details.get("NEW_PASSWORD"));
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0);
connection.modifyAttributes(user, mods);
closeConnection();

But I can't do the account unlock for the given user because I can't find the LDAP attribute for account lockout in my LDAP browser.

Solution

Looks like HP-UX Directory Server is a clone of Red Hat Directory Server.

First, which unlock are you trying to perform? An account could be locked by different aspects depending on how you have set up your password policy.

If the account is in an intruder-detected lockout, then you need to perform the following operation:

dn: uid=scarter,ou=people,dc=example,dc=com
changetype: modify
delete: passwordRetryCount
-
delete: accountUnlockTime

-jim

OTHER TIPS

The correct answer is to configure the password policies first, then configure subtree-level or user-based password policies and account lockout policies. Then get a user account locked and try the following code, which unlocks a locked-out account.

ModificationItem[] mods = new ModificationItem[2];
mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("passwordRetryCount"));
mods[1] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("accountUnlockTime"));
connection.modifyAttributes(user, mods);

The entry's object class(es) define which attributes are allowed. You should look up the entry's object class and try to find the correct attribute from there.
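An added example, not code from any of the posts above: it removes the two lockout attributes named in the answers, but only those actually present on the entry, since a server can reject a delete of a missing attribute with noSuchAttribute. The class and method names are hypothetical, and it assumes that, as in Red Hat Directory Server, both are operational attributes that are returned only when requested by name.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

public class AccountUnlock {
    // Lockout-state attributes named in the answers on this page.
    static final String[] LOCKOUT_ATTRS = {"passwordRetryCount", "accountUnlockTime"};

    /**
     * Builds REMOVE_ATTRIBUTE modifications only for the lockout attributes
     * that exist on the entry, so the modify is not rejected because one of
     * them is absent (for example, failed binds recorded but no lock yet).
     */
    static ModificationItem[] buildUnlockMods(Attributes present) {
        List<ModificationItem> mods = new ArrayList<>();
        for (String name : LOCKOUT_ATTRS) {
            if (present.get(name) != null) {
                mods.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                        new BasicAttribute(name)));
            }
        }
        return mods.toArray(new ModificationItem[0]);
    }

    /** Returns true if lockout state was cleared, false if there was none. */
    static boolean unlock(DirContext ctx, String userDn) throws NamingException {
        // Assumption: operational attributes must be requested explicitly.
        Attributes present = ctx.getAttributes(userDn, LOCKOUT_ATTRS);
        ModificationItem[] mods = buildUnlockMods(present);
        if (mods.length == 0) {
            return false; // nothing to clear; skip the write
        }
        ctx.modifyAttributes(userDn, mods);
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample entry: retry count present, no unlock time.
        Attributes sample = new BasicAttributes(true);
        sample.put("passwordRetryCount", "3");
        for (ModificationItem m : buildUnlockMods(sample)) {
            System.out.println("remove " + m.getAttribute().getID());
        }
    }
}
```

The boolean returned by `unlock` can be written to an audit log together with the administrator identity and the target DN, so every unlock is traceable.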

Licensed under: CC-BY-SA with attribution