DANIEL CRISTIAN CRUZ
2008-Dec-12 17:39 UTC
[Fedora-directory-users] nsaccountlock compare error
Hi All, Trying to figure out if an account is or isn''t locked, I''ve tryied: (Python shell)>>> server.compare_s("uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg", ''nsAccountLock'',''true'') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 255, in compare_s return self.compare_ext_s(dn,attr,value,None,None) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 244, in compare_ext_s self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 428, in result res_type,res_data,res_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 432, in result2 res_type, res_data, res_msgid, srv_ctrls self.result3(msgid,all,timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 438, in result3 ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 96, in _ldap_call result = func(*args,**kwargs) ldap.NO_SUCH_ATTRIBUTE: {''desc'': ''No such attribute''} I got the same code using PHP, there must be something with server configuration or is it a "bad feature"? I had many servers here, all with the same problem. Kind regards, -- <span style="color: #000080">Daniel Cristian Cruz </span>Administrador de Banco de Dados Direção Regional - Núcleo de Tecnologia da Informação SENAI - SC Telefone: 48-3239-1422 (ramal 1422)
Rich Megginson
2008-Dec-12 18:12 UTC
Re: [Fedora-directory-users] nsaccountlock compare error
DANIEL CRISTIAN CRUZ wrote:> > Hi All, > > Trying to figure out if an account is or isn''t locked, I''ve tryied: > > (Python shell) > >>> server.compare_s("uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg", > ''nsAccountLock'', ''true'') > Traceback (most recent call last): > File "<stdin>", line 1, in <module> > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line > 255, in compare_s > return self.compare_ext_s(dn,attr,value,None,None) > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line > 244, in compare_ext_s > self.result(msgid,all=1,timeout=self.timeout) > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line > 428, in result > res_type,res_data,res_msgid = self.result2(msgid,all,timeout) > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line > 432, in result2 > res_type, res_data, res_msgid, srv_ctrls = > self.result3(msgid,all,timeout) > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line > 438, in result3 > ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 96, > in _ldap_call > result = func(*args,**kwargs) > ldap.NO_SUCH_ATTRIBUTE: {''desc'': ''No such attribute''} > > I got the same code using PHP, there must be something with server > configuration or is it a "bad feature"? >If there is no such attribute, then the account is enabled. The account is only disabled if the attribute is present AND set to true.> > I had many servers here, all with the same problem. > > Kind regards, > > ------------------------------------------------------------------------ > > *Daniel Cristian Cruz* > *Administrador de Banco de Dados > *Direção Regional - *Núcleo de Tecnologia da Informação > SENAI - SC > Telefone: 48-3239-1422 (ramal 1422)* > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
DANIEL CRISTIAN CRUZ
2008-Dec-12 18:32 UTC
Re: [Fedora-directory-users] nsaccountlock compare error
"Rich Megginson" <rmeggins@redhat.com> escreveu:> DANIEL CRISTIAN CRUZ wrote: >> Trying to figure out if an account is or isn''t locked, I''ve tryied: >> >> (Python shell) >> >>> server.compare_s("uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg", >> ''nsAccountLock'', ''true'') >> ldap.NO_SUCH_ATTRIBUTE: {''desc'': ''No such attribute''} >> >> I got the same code using PHP, there must be something with server >> configuration or is it a "bad feature"? >> > If there is no such attribute, then the account is enabled. The account > is only disabled if the attribute is present AND set to true.Yes, but it''s there, with ''true'' value assigned. Got to fetch the object and compare at language level:>>> server.modify_s(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', [((ldap.MOD_ADD,''nsaccountlock'', ''true''))]) (103, [])>>> server.search_s(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', ldap.SCOPE_BASE,attrlist=[''nsaccountlock'']) [(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', {''nsaccountlock'': [''true'']})]>>> server.compare_s(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', ''nsaccountlock'',''true'') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 255, in compare_s return self.compare_ext_s(dn,attr,value,None,None) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 244, in compare_ext_s self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 428, in result res_type,res_data,res_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 432, in result2 res_type, res_data, res_msgid, srv_ctrls self.result3(msgid,all,timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 438, in result3 ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 96, in _ldap_call result = func(*args,**kwargs) ldap.NO_SUCH_ATTRIBUTE: {''desc'': ''No such attribute''} I''ve search for some compare ACI, but there isn''t any revoking the privilege (it''s an account in Administrators Group). Regards, -- <span style="color: #000080">Daniel Cristian Cruz </span>Administrador de Banco de Dados Direção Regional - Núcleo de Tecnologia da Informação SENAI - SC Telefone: 48-3239-1422 (ramal 1422)
Rich Megginson
2008-Dec-12 18:42 UTC
Re: [Fedora-directory-users] nsaccountlock compare error
DANIEL CRISTIAN CRUZ wrote:> "Rich Megginson" <rmeggins@redhat.com> escreveu: > >> DANIEL CRISTIAN CRUZ wrote: >> >>> Trying to figure out if an account is or isn''t locked, I''ve tryied: >>> >>> (Python shell) >>> >>>>>> server.compare_s("uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg", >>>>>> >>> ''nsAccountLock'', ''true'') >>> ldap.NO_SUCH_ATTRIBUTE: {''desc'': ''No such attribute''} >>> >>> I got the same code using PHP, there must be something with server >>> configuration or is it a "bad feature"? >>> >>> >> If there is no such attribute, then the account is enabled. The account >> is only disabled if the attribute is present AND set to true. >> > > Yes, but it''s there, with ''true'' value assigned. > > Got to fetch the object and compare at language level: > > >>>> server.modify_s(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', [((ldap.MOD_ADD, >>>> > ''nsaccountlock'', ''true''))]) > (103, []) > >>>> server.search_s(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', ldap.SCOPE_BASE, >>>> > attrlist=[''nsaccountlock'']) > [(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', {''nsaccountlock'': [''true'']})] > >>>> server.compare_s(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', ''nsaccountlock'', >>>> > ''true'') > Traceback (most recent call last): > File "<stdin>", line 1, in <module> > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 255, in > compare_s > return self.compare_ext_s(dn,attr,value,None,None) > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 244, in > compare_ext_s > self.result(msgid,all=1,timeout=self.timeout) > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 428, in > result > res_type,res_data,res_msgid = self.result2(msgid,all,timeout) > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 432, in > result2 > res_type, res_data, res_msgid, srv_ctrls > self.result3(msgid,all,timeout) > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 438, in > result3 > ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) > File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 96, in > _ldap_call > result = func(*args,**kwargs) > ldap.NO_SUCH_ATTRIBUTE: {''desc'': ''No such attribute''} > > I''ve search for some compare ACI, but there isn''t any revoking the privilege > (it''s an account in Administrators Group). >I would say, based on this data, that there is a bug in the server compare processing. Does compare work with regular attributes (e.g. in the schema of the user)? Note that nsAccountLock is an operational attribute.> Regards, > -- > <span style="color: #000080">Daniel Cristian Cruz > </span>Administrador de Banco de Dados > Direção Regional - Núcleo de Tecnologia da Informação > SENAI - SC > Telefone: 48-3239-1422 (ramal 1422) > > > >
DANIEL CRISTIAN CRUZ
2008-Dec-12 18:52 UTC
Re: [Fedora-directory-users] nsaccountlock compare error
"Rich Megginson" <rmeggins@redhat.com> escreveu:> I would say, based on this data, that there is a bug in the server > compare processing. Does compare work with regular attributes (e.g. in > the schema of the user)? Note that nsAccountLock is an operational > attribute.Unfortunatelly, yes, it works:>>> server.compare_s(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', ''uid'',''zaza.zozo.zozo'') 1>>> server.compare_s(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', ''uid'',''zaza.zozo.zuzu'') 0 Regards, -- <span style="color: #000080">Daniel Cristian Cruz </span>Administrador de Banco de Dados Direção Regional - Núcleo de Tecnologia da Informação SENAI - SC Telefone: 48-3239-1422 (ramal 1422)
Rich Megginson
2008-Dec-12 19:05 UTC
Re: [Fedora-directory-users] nsaccountlock compare error
DANIEL CRISTIAN CRUZ wrote:> "Rich Megginson" <rmeggins@redhat.com> escreveu: > >> I would say, based on this data, that there is a bug in the server >> compare processing. Does compare work with regular attributes (e.g. in >> the schema of the user)? Note that nsAccountLock is an operational >> attribute. >> > > Unfortunatelly, yes, it works: >Please file a bug. In the meantime, you''ll have to just use search instead of compare.> >>>> server.compare_s(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', ''uid'', >>>> > ''zaza.zozo.zozo'') > 1 > >>>> server.compare_s(''uid=zaza.zozo.zozo,ou=UnitA,o=MyOrg'', ''uid'', >>>> > ''zaza.zozo.zuzu'') > 0 > > Regards, > -- > <span style="color: #000080">Daniel Cristian Cruz > </span>Administrador de Banco de Dados > Direção Regional - Núcleo de Tecnologia da Informação > SENAI - SC > Telefone: 48-3239-1422 (ramal 1422) > > > >