Thank you Tony and Paul. This is why I think so many people are on this list. The information provided is good, useful, and to the point.
David Aragon > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray > Sent: Tuesday, August 01, 2006 5:42 PM > To: [email protected] > Subject: Re: [ActiveDir] Different (open)LDAP Question > > msDs-User-Account-Control-Computed is a constructed > attribute. Constructed attributes cannot be set manually > because they are automatically maintained by the system. > > Tony > ---------- Original Message ---------------------------------- > From: "David Aragon" <[EMAIL PROTECTED]> > Reply-To: [email protected] > Date: Tue, 1 Aug 2006 15:49:53 -0700 > > Without getting into the politics involved that got us here, > suffice it to say that someone with a lot of political clout, > no Windows or Active Directory experience (though > considerable MAC/OS X experience), and a PhD at the end of > their name, made a decision to deploy openLDAP and Active > Directory would be fed with information through a connector > written specifically for that purpose. > > For the most part this works well. We have developed a web > page that allows users to change passwords, incorporated > various (homegrown) connectors to provide for single sign-on > to most services, network drives, etc., all platform > independent, allowing users to freely move from Windows (~85% > total number of systems) to MAC OS-X systems (~15% total > number of systems) using the same set of credentials. One of > the few areas where issues have arisen is in the changing of > a users status. I have told them to modify > userAccountControl, the programmers (connector is written in > oCamel so there is a separate group that handles this) have > decided that msDs-User-Account-Control-Computed is the > correct attribute to use in order to enable, disable, lock, > unlock, etc. a user account. > > Can someone from this group tell me the differences between > these attributes and which would be the correct one to use > for the stated purposes? > > David Aragon > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > > > > > > ________________________________________________________________ > Sent via the WebMail system at mail.activedir.org > > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
