DANIEL CRISTIAN CRUZ wrote:
I would say, based on this data, that there is a bug in the server compare processing. Does compare work with regular attributes (e.g. in the schema of the user)? Note that nsAccountLock is an operational attribute."Rich Megginson" <rmeggins@xxxxxxxxxx> escreveu:DANIEL CRISTIAN CRUZ wrote:If there is no such attribute, then the account is enabled. The account is only disabled if the attribute is present AND set to true.Trying to figure out if an account is or isn't locked, I've tryied: (Python shell)server.compare_s("uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg",'nsAccountLock', 'true') ldap.NO_SUCH_ATTRIBUTE: {'desc': 'No such attribute'}I got the same code using PHP, there must be something with server configuration or is it a "bad feature"?Yes, but it's there, with 'true' value assigned. Got to fetch the object and compare at language level:server.modify_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', [((ldap.MOD_ADD,'nsaccountlock', 'true'))]) (103, [])server.search_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', ldap.SCOPE_BASE,attrlist=['nsaccountlock']) [('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', {'nsaccountlock': ['true']})]server.compare_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', 'nsaccountlock','true') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 255, in compare_s return self.compare_ext_s(dn,attr,value,None,None) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 244, in compare_ext_s self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 428, in result res_type,res_data,res_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 432, in result2 res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 438, in result3 ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 96, in _ldap_call result = func(*args,**kwargs) ldap.NO_SUCH_ATTRIBUTE: {'desc': 'No such attribute'} I've search for some compare ACI, but there isn't any revoking the privilege (it's an account in Administrators Group).
Regards, -- <span style="color: #000080">Daniel Cristian Cruz </span>Administrador de Banco de Dados Direção Regional - Núcleo de Tecnologia da Informação SENAI - SC Telefone: 48-3239-1422 (ramal 1422)
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
