Enabling the Password Policy in TDS

2014-06-11 hbhe0316
Category: LINUX

1. Edit /home/idsldap/idsslapd-idsldap/etc/ibmslapd.conf
Set the following entry to true:
ibm-slapdConfigPwdPolicyOn: true

2. Enable the policy
#cd /opt/ibm/ldap/V6.3/bin/
#./idsldapmodify -D cn=root -w password
dn: cn=pwdpolicy,cn=ibmPolicies
changetype: modify
replace:ibm-pwdpolicy
ibm-pwdpolicy: true
-
replace: pwdlockout
pwdlockout: TRUE

3. Restart TDS
#/opt/ibm/ldap/V6.3/sbin/ibmslapd -k
#/opt/ibm/ldap/V6.3/sbin/ibmslapd

4. Lock a user
#./idsldapmodify -D cn=root -w password
dn:uid=test,cn=users,dc=com
changetype:modify
replace: ibm-pwdAccountLocked
ibm-pwdAccountLocked: true

5. Verify that the account is locked
# ./ldapsearch -D  uid=test,cn=users,dc=com -w wwwwww -p 389 -b dc=com -s sub objectclass=*
ldap_simple_bind:  DSA is unwilling to perform --- Error, Account is locked

6. List all locked users
#./ldapsearch -D cn=root -w wwwwww -p 389 -b "cn=users,dc=com" objectclass=*  ibm-pwdAccountLocked
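
The search in step 6 returns every entry under cn=users and only shows ibm-pwdAccountLocked where it is set, so the locked accounts still have to be picked out of the output. The filter below is an added example, not part of the original post; it assumes the search is run with -L so the output is LDIF, and locked_dns, sample_ldif and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumed usage, with the step 6 search switched to LDIF output via -L:
#   ./ldapsearch -L -D cn=root -w wwwwww -p 389 -b "cn=users,dc=com" \
#       objectclass=* ibm-pwdAccountLocked | locked_dns

# locked_dns: read LDIF on stdin and print the DN of every entry whose
# ibm-pwdAccountLocked value is true (compared case-insensitively).
# A base64-encoded DN (dn::) is printed in its encoded form.
locked_dns() {
    awk '
        function flush() {                       # end of one entry
            if (dn != "" && locked) print dn
            dn = ""; locked = 0
        }
        function emit(line,    v) {              # handle one unfolded line
            if (line == "") { flush(); return }  # blank line separates entries
            if (tolower(line) ~ /^dn:/) {
                v = line; sub(/^[^:]*::? */, "", v); dn = v
            } else if (tolower(line) ~ /^ibm-pwdaccountlocked: *true *$/) {
                locked = 1
            }
        }
        /^ / { buf = buf substr($0, 2); next }   # LDIF continuation line
        { emit(buf); buf = $0 }
        END { emit(buf); flush() }
    '
}

# sample_ldif: constructed sample output, not captured from a real server.
sample_ldif() {
    cat <<'EOF'
dn: cn=users,dc=com

dn: uid=test,cn=users,dc=com
ibm-pwdAccountLocked: true

dn: uid=alice,cn=users,dc=com

dn: uid=bob,cn=users,dc=com
ibm-pwdAccountLocked: false

dn: uid=carol,
 cn=users,dc=com
ibm-pwdAccountLocked: TRUE
EOF
}

sample_ldif | locked_dns
```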