[Freeipa-devel] [freeipa PR#444][comment] Allow nsaccountlock to be searched in user-find commands
abbra
freeipa-github-notification at redhat.com
Mon Mar 6 07:21:56 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/444
Title: #444: Allow nsaccountlock to be searched in user-find commands
abbra commented:
"""
The nsaccountlock *is* virtual attribute in 389-ds:
attributeTypes: ( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock'
DESC 'Operational attribute for Account Inactivation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )
Notice `USAGE directoryOperation` in the attribute definition. It is treated as a virtual one everywhere in the code but nothing sets it. It is supposed to be set via nsRole and CoS template. See ns-activate.pl/ns-inactivate.pl/ns-accountstatus.pl in 389-ds for external manipulation of it.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/444#issuecomment-284320588
More information about the Freeipa-devel
mailing list