On Thu, 2016-06-30 at 05:53 +0000, kash...@arissystem.com wrote: > I am able to change nsaccountlock value using 389ds client software by right > clicking on users and selecting active or inactive. but I need to change > nsaccountlock value using an ldif file. The content of the file is : > > dn: uid=user001,ou=People,dc=test,dc=test2,dc=local > changetype: modify > replace: nsaccountlock > nsaccountlock: false > > but unfortunately the value doesn't change. the ldapmodify command returns no > error and there is no error in logs either. > I appreciate any help on this subject.
There are a few reasons. Perhaps the user is part of the nsDisabledRole, which causes the nsAccountLock to be set by a cos template. Have a look at: ldapsearch -H ldap://localhost:38932 -x -b 'dc=tgt,dc=example,dc=com' -D 'cn=Directory Manager' -W '(uid=tuser2)' cn nsaccountlock nsroledn # tuser2, People, tgt.example.com dn: uid=tuser2,ou=People,dc=tgt,dc=example,dc=com cn: Test USer2 nsaccountlock: true nsroledn: cn=nsManagedDisabledRole,dc=tgt,dc=example,dc=com You can remove this with the ns-activate.pl script OR by removing nsroledn from the account. Hope this helps, -- Sincerely, William Brown Software Engineer Red Hat, Brisbane
signature.asc
Description: This is a digitally signed message part
-- 389-users mailing list 389-users@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
