URL: https://github.com/freeipa/freeipa/pull/444
Title: #444: Allow nsaccountlock to be searched in user-find commands

abbra commented:
The nsaccountlock *is* virtual attribute in 389-ds:

    attributeTypes: ( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock' 
       DESC 'Operational attribute for Account Inactivation' SYNTAX
       USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )

Notice `USAGE directoryOperation` in the attribute definition. It is treated as 
a virtual one everywhere in the code but nothing sets it. It is supposed to be 
set via nsRole and CoS template. See 
ns-activate.pl/ns-inactivate.pl/ns-accountstatus.pl in 389-ds for external 
manipulation of it.


See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to