DANIEL CRISTIAN CRUZ wrote:
> "Rich Megginson" <rmeggins at redhat.com> escreveu:
>
>> DANIEL CRISTIAN CRUZ wrote:
>>
>>> Trying to figure out if an account is or isn't locked, I've tryied:
>>>
>>> (Python shell)
>>>
>>>>>> server.compare_s("uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg",
>>>>>>
>>> 'nsAccountLock', 'true')
>>> ldap.NO_SUCH_ATTRIBUTE: {'desc': 'No such attribute'}
>>>
>>> I got the same code using PHP, there must be something with server
>>> configuration or is it a "bad feature"?
>>>
>>>
>> If there is no such attribute, then the account is enabled. The account
>> is only disabled if the attribute is present AND set to true.
>>
>
> Yes, but it's there, with 'true' value assigned.
>
> Got to fetch the object and compare at language level:
>
>
>>>> server.modify_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', [((ldap.MOD_ADD,
>>>>
> 'nsaccountlock', 'true'))])
> (103, [])
>
>>>> server.search_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', ldap.SCOPE_BASE,
>>>>
> attrlist=['nsaccountlock'])
> [('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', {'nsaccountlock': ['true']})]
>
>>>> server.compare_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', 'nsaccountlock',
>>>>
> 'true')
> Traceback (most recent call last):
> File "<stdin>", line 1, in <module>
> File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 255, in
> compare_s
> return self.compare_ext_s(dn,attr,value,None,None)
> File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 244, in
> compare_ext_s
> self.result(msgid,all=1,timeout=self.timeout)
> File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 428, in
> result
> res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
> File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 432, in
> result2
> res_type, res_data, res_msgid, srv_ctrls =
> self.result3(msgid,all,timeout)
> File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 438, in
> result3
> ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
> File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 96, in
> _ldap_call
> result = func(*args,**kwargs)
> ldap.NO_SUCH_ATTRIBUTE: {'desc': 'No such attribute'}
>
> I've search for some compare ACI, but there isn't any revoking the privilege
> (it's an account in Administrators Group).
>
I would say, based on this data, that there is a bug in the server
compare processing. Does compare work with regular attributes (e.g. in
the schema of the user)? Note that nsAccountLock is an operational
attribute.
> Regards,
> --
> <span style="color: #000080">Daniel Cristian Cruz
> </span>Administrador de Banco de Dados
> Dire??o Regional - N?cleo de Tecnologia da Informa??o
> SENAI - SC
> Telefone: 48-3239-1422 (ramal 1422)
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20081212/d3d144a8/attachment.bin
