Thursday, June 30, 2016

[389-users] Re: How to change nsaccountlock using ldif file?

On Thu, 2016-06-30 at 05:53 +0000, kashefi@arissystem.com wrote:
> I am able to change nsaccountlock value using 389ds client software by right clicking on users and selecting active or inactive, but I need to change nsaccountlock value using an ldif file. The content of the file is:
>
> dn: uid=user001,ou=People,dc=test,dc=test2,dc=local
> changetype: modify
> replace: nsaccountlock
> nsaccountlock: false
>
> But unfortunately the value doesn't change. The ldapmodify command returns no error and there is no error in logs either.
> I appreciate any help on this subject.


There are a few reasons. Perhaps the user is part of the nsDisabledRole,
which causes the nsAccountLock to be set by a CoS template. Have a look
at:

ldapsearch -H ldap://localhost:38932 -x -b 'dc=tgt,dc=example,dc=com' \
    -D 'cn=Directory Manager' -W '(uid=tuser2)' cn nsaccountlock nsroledn

# tuser2, People, tgt.example.com
dn: uid=tuser2,ou=People,dc=tgt,dc=example,dc=com
cn: Test USer2
nsaccountlock: true
nsroledn: cn=nsManagedDisabledRole,dc=tgt,dc=example,dc=com


You can remove this with the ns-activate.pl script OR by removing
nsroledn from the account.

Hope this helps,

--
Sincerely,

William Brown
Software Engineer
Red Hat, Brisbane
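
The check described in the reply above, as an added example that is not part of the original thread or of 389 Directory Server: it reads ldapsearch output and, for each locked entry, emits either a delete of the nsManagedDisabledRole nsroledn value or the replace from the question. The function names and the tuser3 entry are constructed for illustration; matching only the role value shown in the thread is an assumption.

```python
import base64

# Role RDN as shown in the thread's ldapsearch output (matching only it is an assumption).
DISABLED_ROLE_RDN = "cn=nsmanageddisabledrole,"
# Sample input: first entry copied from the thread, second one constructed.
SAMPLE = """\
# tuser2, People, tgt.example.com
dn: uid=tuser2,ou=People,dc=tgt,dc=example,dc=com
nsaccountlock: true
nsroledn: cn=nsManagedDisabledRole,dc=tgt,dc=example,dc=com

dn: uid=tuser3,ou=People,dc=tgt,dc=example,dc=com
nsaccountlock: true
"""

def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of (dn, {attr: [values]})."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continue the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.lower(), []).append(value.strip())
    return entries

def unlock_ldif(dn, attrs):
    """Return the modify LDIF that unlocks the entry, or None if it is not locked."""
    if "true" not in (v.lower() for v in attrs.get("nsaccountlock", [])):
        return None
    roles = [r for r in attrs.get("nsroledn", []) if r.lower().startswith(DISABLED_ROLE_RDN)]
    if roles:   # lock comes from role membership: drop the role value
        body = ["delete: nsroledn"] + [f"nsroledn: {r}" for r in roles]
    else:       # lock is stored on the entry: the replace from the question applies
        body = ["replace: nsaccountlock", "nsaccountlock: false"]
    return "\n".join([f"dn: {dn}", "changetype: modify"] + body) + "\n"
```

Pass the ldapsearch output to parse_ldif, call unlock_ldif on each entry, and hand the resulting LDIF to ldapmodify.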
