Hi all,
RedHat DS's doc states that the nsAccountLock attribute is multi-valued [1]. Some tests with 389ds led me to think it's also true for 389ds.
I cannot think of any reason explaining why it would have to be multi-valued. Do you have any idea?
Thank you.
[1] https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/...
Re-lifing an old thread here, but I have been searching for the same answer.
We were thinking of using the multi-value feature to lock various aspects of an account. By entering values like web, mail, app would mean no access to the respective service.
Are there any ideas on multi-value feature for nsAccountLock? Will it be redefined as a single-value attribute allowing only true/false?
Kind regards, Mitja
On 04. 07. 2013 13:47, Pierre ROUDIER wrote:
Hi all,
RedHat DS's doc states that the nsAccountLock attribute is multi-valued [1]. Some tests with 389ds led me to think it's also true for 389ds.
I cannot think of any reason explaining why it would have to be multi-valued. Do you have any idea?
Thank you.
[1] https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/...
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hi Mitja,
the value of this attribute is checked against "true" internally in RHDS to decide if an account is locked or not.
Even if the attribute is multi valued by definition, internally it's considered single valued. Only the first value is taken into account.
Using this attribute for other purposes will interfere with password policy and particularly if the value is different than true, the account will be considered as locked.
I would propose to define a custom attribute to define different aspects of account inactivation.
Regards,
German.
----- Original Message -----
From: "Mitja Mihelič" mitja.mihelic@arnes.si To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Sent: Friday, July 10, 2015 2:35:34 PM Subject: Re: [389-users] multi-valued nsAccountLock
Re-lifing an old thread here, but I have been searching for the same answer.
We were thinking of using the multi-value feature to lock various aspects of an account. By entering values like web, mail, app would mean no access to the respective service.
Are there any ideas on multi-value feature for nsAccountLock? Will it be redefined as a single-value attribute allowing only true/false?
Kind regards, Mitja
On 04. 07. 2013 13:47, Pierre ROUDIER wrote:
Hi all,
RedHat DS's doc states that the nsAccountLock attribute is multi-valued [1]. Some tests with 389ds led me to think it's also true for 389ds.
I cannot think of any reason explaining why it would have to be multi-valued. Do you have any idea?
Thank you.
[1] https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/...
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org