[Fedora-directory-users] nsaccountlock compare error

DANIEL CRISTIAN CRUZ daniel.cruz at sc.senai.br
Fri Dec 12 18:32:45 UTC 2008 

"Rich Megginson" <rmeggins at redhat.com> escreveu:
> DANIEL CRISTIAN CRUZ wrote:
>> Trying to figure out if an account is or isn't locked, I've tryied:
>>
>> (Python shell)
>> >>> server.compare_s("uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg", 
>> 'nsAccountLock', 'true')
>> ldap.NO_SUCH_ATTRIBUTE: {'desc': 'No such attribute'}
>>
>> I got the same code using PHP, there must be something with server 
>> configuration or is it a "bad feature"?
>>
> If there is no such attribute, then the account is enabled.  The account 
> is only disabled if the attribute is present AND set to true.

Yes, but it's there, with 'true' value assigned.

Got to fetch the object and compare at language level:

>>> server.modify_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', [((ldap.MOD_ADD,
'nsaccountlock', 'true'))])
(103, [])
>>> server.search_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', ldap.SCOPE_BASE,
attrlist=['nsaccountlock'])
[('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', {'nsaccountlock': ['true']})]
>>> server.compare_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', 'nsaccountlock',
'true')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 255, in
compare_s
    return self.compare_ext_s(dn,attr,value,None,None)
  File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 244, in
compare_ext_s
    self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 428, in
result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 432, in
result2
    res_type, res_data, res_msgid, srv_ctrls =
self.result3(msgid,all,timeout)
  File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 438, in
result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 96, in
_ldap_call
    result = func(*args,**kwargs)
ldap.NO_SUCH_ATTRIBUTE: {'desc': 'No such attribute'}

I've search for some compare ACI, but there isn't any revoking the privilege
(it's an account in Administrators Group).

Regards,
--
<span style="color: #000080">Daniel Cristian Cruz
</span>Administrador de Banco de Dados
Direção Regional - Núcleo de Tecnologia da Informação
SENAI - SC
Telefone: 48-3239-1422 (ramal 1422)

More information about the Fedora-directory-users mailing list