Pradhap1125

How to use default attribute after password policy configuration in CA directory

Discussion created by Pradhap1125 on Jan 22, 2018
Latest reply on Jan 25, 2018 by Pradhap1125

I have configured password policies to suspend account after 3 unsuccessful retries using following policy

set password-retries = 3;


Policy is working fine and suspends account as expected. However I have 3 challenges ,

1.Find suspended accounts for a specific duration.
2.Find failed login attempts even if account is not suspended e.g. Unsuccessful retries are 2 but account is not suspended.
3.Activate account from bespoke Java application using LDAP queries. Do not want directory to activate account after certain duration without any verification.

I can see following attributes in documentation but cannot query them from my bespoke application.

dxPwdFailedAttempts
dxPwdFailedTime
dxPwdLoginTime
dxPwdLastChange

dxPwdLocked

Can you advise how to know the suspended status, number of attempts, time of unsuccessful attempts and how to activate a suspended account.

Outcomes