Remove nsAccountLock attribute in Sun Directory Server

Bad day today! I’ve wasted hours googling to find how to remove the nsAccountLock attribute of an inetOrgPerson in Sun Directory Server. So I hope that this post will be helpful for some other tech guys.


I had already spent a few minutes wondering what the crappy LDAPAdmin tool meant by displaying «  ». I then needed some time to remember that particular attributes are not shown by default. So I ran another ldapsearch query explicitly asking to display « nsAccountLock », and could easily understand the reason why I could not bind!

A problem seen is half solved, no? So I started thinking about how to delete this f… attribute or modify its value to « FALSE ».

First point: you won’t find anything in the Oracle Directory Server Control Center (the web-based interface to access and manage server instances). Second, LDAP Admin tools won’t allow you to directly edit the nsAccountLock attribute, or even to see its value.

The only way I’ve found was to use LDIF commands. LDIF is not my favorite format for managing directory content, and neither is DSML :-). I had to google once again to find the right syntax for removing/editing an attribute.

Finally, I chose the following one, which of course did not work from the LDAPAdmin import feature. I didn’t understand why. So I also tried the « modify » syntax in various tests. I finally switched to Apache Directory Studio to solve this issue.

dn: cn=7121,CN=3ce5f7gha2,OU=AEMIDENTITY,dc=iam,dc=marot,dc=fr
changetype: modify
delete: nsAccountLock
nsAccountLock: TRUE
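
An added example, not part of the original post: a Python script that reads ldapsearch output in which nsAccountLock was requested explicitly, lists the entries it locks, and writes the same delete record as above for each of them. The sample entries and function names are constructed for illustration; handling folded and base64-encoded DNs goes beyond the single entry shown in the post.

```python
import base64

# Constructed ldapsearch-style output (made-up DNs): a folded DN, a base64 DN
# with a non-ASCII character, and an entry that has no nsAccountLock at all.
B64_DN = base64.b64encode("cn=René,ou=people,dc=example,dc=com".encode()).decode()
SAMPLE = (
    "dn: cn=7121,ou=people,dc=example,dc=com\nnsAccountLock: TRUE\n\n"
    "dn: cn=a-long-name,ou=people,\n dc=example,dc=com\nnsAccountLock: false\n\n"
    f"dn:: {B64_DN}\nnsAccountLock: true\n\n"
    "dn: cn=7300,ou=people,dc=example,dc=com\n"
)

def parse_entries(ldif):
    """Yield {lowercased attribute: [values]} for each entry in LDIF text."""
    unfolded = ldif.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.lstrip(" ")
            entry.setdefault(name.lower(), []).append(value)
        if "dn" in entry:
            yield entry

def is_safe(value):
    """Conservative check that a value may be written without base64 in LDIF."""
    return (all(0x20 <= ord(c) <= 0x7E for c in value)
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))

def unlock_ldif(ldif):
    """Return (locked DNs, modify LDIF) for entries whose nsAccountLock is true."""
    locked, records = [], []
    for entry in parse_entries(ldif):
        lock = next((v for v in entry.get("nsaccountlock", [])
                     if v.strip().lower() == "true"), None)
        if lock is None:
            continue
        dn = entry["dn"][0]
        dn_line = (f"dn: {dn}" if is_safe(dn) else
                   "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii"))
        # Same record shape as the post: delete the specific stored value.
        records.append("\n".join([dn_line, "changetype: modify",
                                  "delete: nsAccountLock", f"nsAccountLock: {lock}", "-"]))
        locked.append(dn)
    return locked, "\n\n".join(records) + ("\n" if records else "")
```

Calling `unlock_ldif(SAMPLE)` returns the locked DNs and the LDIF text, which can be reviewed before it is imported with an LDIF-capable client.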


