URL: https://github.com/freeipa/freeipa/pull/444
Title: #444: Allow nsaccountlock to be searched in user-find commands

abbra commented:
"""
The nsaccountlock *is* virtual attribute in 389-ds:

    attributeTypes: ( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock' 
       DESC 'Operational attribute for Account Inactivation' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15
       USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )

Notice `USAGE directoryOperation` in the attribute definition. It is treated as 
a virtual one everywhere in the code but nothing sets it. It is supposed to be 
set via nsRole and CoS template. See 
ns-activate.pl/ns-inactivate.pl/ns-accountstatus.pl in 389-ds for external 
manipulation of it.

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/444#issuecomment-284320588
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to