Previous Topic: Enforce Password Rules When Reactivating an AccountNext Topic: Check Which Accounts Are Locked

Administration GuideManage User Accounts and PasswordsUse Password Settings to Administer User AccountsLock a User Account

Lock a User Account

You can lock a user's account manually by locking the password. You can later unlock the account, and the user can continue to use that password.

Note: If a user uses an LDAP client that is aware of LDAP password policy controls (for example, LDUA or a PAM-LDAP client), then the account-locked password policy control is returned in a bind refuse of a locked account.

Follow these steps:

  1. Enable password locking using the following command: 
    set password-allow-locking = true;
  2. Lock a user's account by adding the attribute dxPwdLocked with the value true to the user's entry.

To unlock a user account, remove the attribute dxPwdLocked from the user's entry, or set the value to false.

More information:

Password Commands Requiring an LDAP Client

set password-allow-locking Command