[Fedora-directory-users] nsaccountlock compare error

Rich Megginson rmeggins at redhat.com
Fri Dec 12 18:42:40 UTC 2008 

DANIEL CRISTIAN CRUZ wrote:
> "Rich Megginson" <rmeggins at redhat.com> escreveu:
>   
>> DANIEL CRISTIAN CRUZ wrote:
>>     
>>> Trying to figure out if an account is or isn't locked, I've tryied:
>>>
>>> (Python shell)
>>>       
>>>>>> server.compare_s("uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg", 
>>>>>>             
>>> 'nsAccountLock', 'true')
>>> ldap.NO_SUCH_ATTRIBUTE: {'desc': 'No such attribute'}
>>>
>>> I got the same code using PHP, there must be something with server 
>>> configuration or is it a "bad feature"?
>>>
>>>       
>> If there is no such attribute, then the account is enabled.  The account 
>> is only disabled if the attribute is present AND set to true.
>>     
>
> Yes, but it's there, with 'true' value assigned.
>
> Got to fetch the object and compare at language level:
>
>   
>>>> server.modify_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', [((ldap.MOD_ADD,
>>>>         
> 'nsaccountlock', 'true'))])
> (103, [])
>   
>>>> server.search_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', ldap.SCOPE_BASE,
>>>>         
> attrlist=['nsaccountlock'])
> [('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', {'nsaccountlock': ['true']})]
>   
>>>> server.compare_s('uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg', 'nsaccountlock',
>>>>         
> 'true')
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 255, in
> compare_s
>     return self.compare_ext_s(dn,attr,value,None,None)
>   File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 244, in
> compare_ext_s
>     self.result(msgid,all=1,timeout=self.timeout)
>   File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 428, in
> result
>     res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
>   File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 432, in
> result2
>     res_type, res_data, res_msgid, srv_ctrls =
> self.result3(msgid,all,timeout)
>   File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 438, in
> result3
>     ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
>   File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 96, in
> _ldap_call
>     result = func(*args,**kwargs)
> ldap.NO_SUCH_ATTRIBUTE: {'desc': 'No such attribute'}
>
> I've search for some compare ACI, but there isn't any revoking the privilege
> (it's an account in Administrators Group).
>   
I would say, based on this data, that there is a bug in the server 
compare processing.  Does compare work with regular attributes (e.g. in 
the schema of the user)?  Note that nsAccountLock is an operational 
attribute.
> Regards,
> --
> <span style="color: #000080">Daniel Cristian Cruz
> </span>Administrador de Banco de Dados
> Direção Regional - Núcleo de Tecnologia da Informação
> SENAI - SC
> Telefone: 48-3239-1422 (ramal 1422)
>
>
>
>   


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20081212/d3d144a8/attachment.bin>

More information about the 389-users mailing list