Description of problem: compare operation against nsaccountlock returns error even if account is locked Version-Release number of selected component (if applicable): 1.1.3 How reproducible: easy Steps to Reproduce: 1. lock the account 2. use a compare operation with attribute 'nsaccountlock' and value 'true' Actual results: No attribute (error 16) Expected results: True? Additional info: https://www.redhat.com/archives/fedora-directory-users/2008-December/msg00086.html
I think the problem may be that operational attributes do not work with the compare operation. You tried with a regular attribute and compare works, correct?
Yes, as shown in the thread, when used with a regular attribte it works. Just get error message using nsaccountlock.
Created attachment 331887 [details] cvs diff ldapserver/ldap/servers/plugins/cos/cos_cache.c Description: Compare function for the CoS attribute cos_cache_cmp_attr failed to set the result. By setting the right return code, the nsAccountLock matches true if the user's account is inactivated. $ ldapcompare -D "cn=Directory Manager" -w <password> nsAccountLock:True "uid=tuser0,dc=example,dc=com" comparing type: "nsAccountLock" value: "True" in entry "uid=tuser0,dc=example,dc=com" compare TRUE $ ldapcompare -D "cn=Directory Manager" -w <password> nsAccountLock:False "uid=tuser0,dc=example,dc=com" comparing type: "nsAccountLock" value: "False" in entry "uid=tuser0,dc=example,dc=com" compare FALSE Note: once the user is activated, the compare command returns "No such attribute" (regardless of the value to compare, of course): $ ldapcompare -D "cn=Directory Manager" -w <password> nsAccountLock:True "uid=tuser0,dc=example,dc=com" comparing type: "nsAccountLock" value: "True" in entry "uid=tuser0,dc=example,dc=com" ldap_compare: No such attribute $ ldapcompare -D "cn=Directory Manager" -w <password> nsAccountLock:False "uid=tuser0,dc=example,dc=com" comparing type: "nsAccountLock" value: "False" in entry "uid=tuser0,dc=example,dc=com" ldap_compare: No such attribute
Created attachment 332061 [details] cvs commit message Reviewed by Rich (Thank you!!) Checked in into CVS HEAD.
fix verifiedd DS 8.1 RHEL 5 Inactive User: [root@jennyv2 ~]# /usr/lib/mozldap/ldapcompare -D "cn=Directory Manager" -w Secret123 nsAccountLock:True "uid=ryan,ou=people,dc=example,dc=com" comparing type: "nsAccountLock" value: "True" in entry "uid=ryan,ou=people,dc=example,dc=com" compare TRUE [root@jennyv2 ~]# /usr/lib/mozldap/ldapcompare -D "cn=Directory Manager" -w Secret123 nsAccountLock:False "uid=ryan,ou=people,dc=example,dc=com" comparing type: "nsAccountLock" value: "False" in entry "uid=ryan,ou=people,dc=example,dc=com" compare FALSE Active User: [root@jennyv2 ~]# /usr/lib/mozldap/ldapcompare -D "cn=Directory Manager" -w Secret123 nsAccountLock:True "uid=ryan,ou=people,dc=example,dc=com" comparing type: "nsAccountLock" value: "True" in entry "uid=ryan,ou=people,dc=example,dc=com" ldap_compare: No such attribute [root@jennyv2 ~]# /usr/lib/mozldap/ldapcompare -D "cn=Directory Manager" -w Secret123 nsAccountLock:False "uid=ryan,ou=people,dc=example,dc=com" comparing type: "nsAccountLock" value: "False" in entry "uid=ryan,ou=people,dc=example,dc=com" ldap_compare: No such attribute
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html