You can lock users' accounts manually by locking their password. You can later unlock the account, and the user can continue to use that password.
Note: If a user uses an LDAP client that is aware of LDAP password policy controls (for example, LDUA or a PAM-LDAP client), then the account-locked password policy control is returned in a bind refuse of a locked account.
To lock a user's account
set password-allow-locking = true;
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |