macOS Server Account Lockout Policy Enforcement

In light of macOS Server removing the Account Lockout Policy Enforcement feature from the GUI, one can still apply this enforcement by way of terminal command on the Open Directory Server itself. For Example:
Set LDAP Account Policy Enforcement:

pwpolicy -a <<diradmin>> -p <<password>> -u <<username to unlock> -setpolicy "maxFailedLoginAttempts=1"

Unlock account:

pwpolicy -a <<diradmin>> -p <<password>> -u <<username to unlock> -setpolicy "isDisabled=0"

Link to technical article: https://superuser.com/questions/577273/osx-server-ldap-pwpolicy-how-to-disable-a-account

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.