Title: #444: Allow nsaccountlock to be searched in user-find commands
I found "not-sure-if" bug, nsaccountlock is not always specified (admin has it
and any user after user-enable, that's why I didn't catch it during testing of
PR) in LDAP tree, so search `user-find --disabled=false` returns only admin adn
user that were explicitly enabled.
IMHO this is unexpected behavior for users, however expected from IPA framework
POW and LDAP POW.
What could we do to improve UX? Maybe on client side we should allow
`--disabled` only as flag to prevent users to search in enabled users and get
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code