October 27th, 2009, 10:17 AM
NsAccountLock attribute in iPlanet Directory Server
I need to create an LDAP filter, this filter will return only the enabled user accounts from iPlanet Directory Server's contact database. I know that iPlanet has an operational attribute "nsAccountLock" which is set to true if an account is disabled. And I supposed I will be able to use this attribute to discard disabled accounts. That way the filter would be something like this:
But above quoted filter is not working,because when I use this attribute in a filter, iPlanet does not return any results.
Is there anybody out there who's already faced/solved this puzzle?
How can I create a filter in iPlanet which will return only enabled accounts? Feedback will be more than welcome
November 17th, 2009, 12:26 PM
How about this? It works on my Fedora Directory server, which is based on iPlanet:
In my directory, setting a user to ACTIVE seems to remove the attribute entirely, not set it to FALSE as I've seen listed in various pieces of documentation. Hope this helps your search efforts.