I'm trying to get when a user account was un-disabled. I'm not getting anything right in the filter syntax to only return users with nsaccountlock modifytimestamp between search values.
It seems I can see different modifytimestamp values for different components of a user account if they are changed at different times. Example: change employeenumber, wait 10 minutes and disable the account. Ldapsearch for uid employeenumber nssaccountlock modifytimestamp will show two modifytimestamp entries, one each for employeenumber and nsaccountlock. I am trying to explicitly filter out users who's accounts have been re-enabled in the past 30 days.
Ideas are greatly appreciated!!
freeipa-users@lists.fedorahosted.org