#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2009
    Posts
    2
    Rep Power
    0

    NsAccountLock attribute in iPlanet Directory Server


    Hi,

    I need to create an LDAP filter, this filter will return only the enabled user accounts from iPlanet Directory Server's contact database. I know that iPlanet has an operational attribute "nsAccountLock" which is set to true if an account is disabled. And I supposed I will be able to use this attribute to discard disabled accounts. That way the filter would be something like this:

    ((&objectClass=inetOrgPerson)(nsAccountLock=FALSE))

    But above quoted filter is not working,because when I use this attribute in a filter, iPlanet does not return any results.
    Is there anybody out there who's already faced/solved this puzzle?

    How can I create a filter in iPlanet which will return only enabled accounts? Feedback will be more than welcome

    Regards,
    Naeem.
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2009
    Posts
    1
    Rep Power
    0
    How about this? It works on my Fedora Directory server, which is based on iPlanet:

    (&(objectClass=inetOrgPerson)(!(nsAccountLock=TRUE)))

    In my directory, setting a user to ACTIVE seems to remove the attribute entirely, not set it to FALSE as I've seen listed in various pieces of documentation. Hope this helps your search efforts.


    -Proto

IMN logo majestic logo threadwatch logo seochat tools logo