manage-account
manage-account — manage state of OpenDJ server accounts
Description
This utility can be used to retrieve and manipulate the values of password policy state variables.
Options
The manage-account command takes the following options:
Command options:
-b | --targetDn {targetDN}-
The DN of the user entry for which to get and set password policy state information.
LDAP connection options:
--connectTimeout {timeout}-
Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. Default: 30000
-D | --bindDn {bindDN}-
DN to use to bind to the server. Default: uid=admin
-E | --reportAuthzId-
Use the authorization identity control. Default: false
-h | --hostname {host}-
Fully-qualified server host name or IP address. Default: localhost.localdomain
-N | --certNickname {nickname}-
Nickname of the certificate that should be sent to the server for SSL client authentication.
-o | --saslOption {name=value}-
SASL bind options.
-p | --port {port}-
Directory server administration port number.
-T | --trustStorePassword {trustStorePassword}-
Truststore cleartext password.
--useJavaKeyStore {keyStorePath}-
JKS keystore containing the certificate which should be used for SSL client authentication.
--useJavaTrustStore {trustStorePath}-
Use a JKS truststore file for validating server certificate.
--useJceKeyStore {keyStorePath}-
JCEKS keystore containing the certificate which should be used for SSL client authentication.
--useJceTrustStore {trustStorePath}-
Use a JCEKS truststore file for validating server certificate.
--useJvmTrustStore-
Use the a JVM truststore for validating server certificate. Default: false
--usePasswordPolicyControl-
Use the password policy request control. Default: false
--usePkcs11KeyStore-
PKCS#11 keystore containing the certificate which should be used for SSL client authentication. Default: false
--usePkcs12KeyStore {keyStorePath}-
PKCS#12 keystore containing the certificate which should be used for SSL client authentication.
--usePkcs12TrustStore {trustStorePath}-
Use a PKCS#12 truststore file for validating server certificate.
-w | --bindPassword {bindPassword}-
Password to use to bind to the server. Omit this option while providing the bind DN to ensure that the command prompts for the password, rather than entering the password as a command argument.
-W | --keyStorePassword {keyStorePassword}-
Keystore cleartext password.
-X | --trustAll-
Trust all server SSL certificates. Default: false
Utility input/output options:
-n | --no-prompt-
Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. Default: false
-v | --verbose-
Use verbose mode. Default: false
General options:
-V | --version-
Display Directory Server version information. Default: false
-H | --help-
Display this usage information. Default: false
Subcommands
The manage-account command supports the following subcommands:
manage-account add-authentication-failure-time
Add an authentication failure time to the user account. This should be used only for testing purposes.
manage-account add-grace-login-use-time
Add a grace login use time to the user account. This should be used only for testing purposes.
manage-account clear-account-expiration-time
Clear account expiration time information from the user account.
manage-account clear-account-is-disabled
Clear account disabled state information from the user account.
manage-account clear-authentication-failure-times
Clear authentication failure time information from the user’s account. This should be used only for testing purposes.
manage-account clear-grace-login-use-times
Clear the set of grace login use times for the user. This should be used only for testing purposes.
manage-account clear-last-login-time
Clear the time that the user last authenticated to the server. This should be used only for testing purposes.
manage-account clear-password-changed-by-required-time
Clear information about the required password change time with which the user last complied. This should be used only for testing purposes.
manage-account clear-password-changed-time
Clear information about the time that the user’s password was last changed. This should be used only for testing purposes.
manage-account clear-password-expiration-warned-time
Clear information about the time that the user first received an expiration warning notice. This should be used only for testing purposes.
manage-account clear-password-history
Clear password history state values for the user. This should be used only for testing purposes.
manage-account clear-password-is-reset
Clear information about whether the user will be required to change his or her password on the next successful authentication. This should be used only for testing purposes.
manage-account get-account-is-disabled
Display information about whether the user account has been administratively disabled.
manage-account get-authentication-failure-times
Display the authentication failure times for the user.
manage-account get-password-changed-by-required-time
Display the required password change time with which the user last complied.
manage-account get-password-changed-time
Display the time that the user’s password was last changed.
manage-account get-password-expiration-warned-time
Display the time that the user first received an expiration warning notice.
manage-account get-password-is-reset
Display information about whether the user will be required to change his or her password on the next successful authentication.
manage-account get-remaining-authentication-failure-count
Display the number of remaining authentication failures until the user’s account is locked.
manage-account get-remaining-grace-login-count
Display the number of grace logins remaining for the user.
manage-account get-seconds-until-account-expiration
Display the length of time in seconds until the user account expires.
manage-account get-seconds-until-authentication-failure-unlock
Display the length of time in seconds until the authentication failure lockout expires.
manage-account get-seconds-until-idle-lockout
Display the length of time in seconds until user’s account is locked because it has remained idle for too long.
manage-account get-seconds-until-password-expiration
Display length of time in seconds until the user’s password expires.
manage-account get-seconds-until-password-expiration-warning
Display the length of time in seconds until the user should start receiving password expiration warning notices.
manage-account get-seconds-until-password-reset-lockout
Display the length of time in seconds until user’s account is locked because the user failed to change the password in a timely manner after an administrative reset.
manage-account get-seconds-until-required-change-time
Display the length of time in seconds that the user has remaining to change his or her password before the account becomes locked due to the required change time.
manage-account set-account-is-disabled
Specify whether the user account has been administratively disabled.
manage-account set-authentication-failure-times
Specify the authentication failure times for the user. This should be used only for testing purposes.
manage-account set-grace-login-use-times
Specify the grace login use times for the user. This should be used only for testing purposes.
manage-account set-last-login-time
Specify the time that the user last authenticated to the server. This should be used only for testing purposes.
manage-account set-password-changed-by-required-time
Specify the required password change time with which the user last complied. This should be used only for testing purposes.
manage-account set-password-changed-time
Specify the time that the user’s password was last changed. This should be used only for testing purposes.
manage-account set-password-expiration-warned-time
Specify the time that the user first received an expiration warning notice. This should be used only for testing purposes.