A set of extended operations are provided that allow an LDAP
root administrator or an administrator with the appropriate authority
the ability to query the effective password policy for a user or group
and to query the status of a user's account. See
Administrative group and roles for more information about administrative role authority.
The
ldapexop utility is provided to call these
password policy extended operations.
Table 1 summarizes
the extended operations including the
ldapexop operation
value. See
ldapexop utility for more information.
Table 1. Password
policy extended operations
| ldapexop operation |
ldapexop description |
Overview |
| acctstatus |
Account status extended
operation |
This extended operation is used to query the
status of a user entry that contains a userPassword value.
The status returned is if the user's account is opened, locked by
an administrator, or the user's password is expired. See Account status for more information. |
| effectpwdpolicy |
Effective password policy extended
operation |
This extended operation is used to query a user's
or group's effective password policy entries and the effective password
policy attribute values. See Effective password policy for
more information. |
See
Effective password policy examples and
Account status extended operation example for examples on using these extended operations.