I have configured password policies to suspend account after 3 unsuccessful retries using following policy
set password-retries = 3;
Policy is working fine and suspends account as expected. However I have 3 challenges ,
1.Find suspended accounts for a specific duration.
2.Find failed login attempts even if account is not suspended e.g. Unsuccessful retries are 2 but account is not suspended.
3.Activate account from bespoke Java application using LDAP queries. Do not want directory to activate account after certain duration without any verification.
I can see following attributes in documentation but cannot query them from my bespoke application.
Can you advise how to know the suspended status, number of attempts, time of unsuccessful attempts and how to activate a suspended account.