[Samba] Account locked and delayed user data propagation...

[Rowland penny]

On 03/12/2019 16:51, Marco Gaiarin via samba wrote:
> Mandi! Rowland penny via samba
>    In chel di` si favelave...
>
>> Do you mean apart from '$((${LOT} + ${LOD}))' should really be
>> '$((LOT+LOD))' ?
> Apart bashism, this seems not the point:
>
>   root at vdcsv1:~# bash -vx  /tmp/test
>   LOT=1
>   + LOT=1
>   
>   LOD=1
>   + LOD=1
>   
>   TMPF=$((${LOT} + ${LOD}))
>   + TMPF=2
>   echo $TMPF
>   + echo 2
>   2
>   
>   TMPF=$((LOT+LOD))
>   + TMPF=2
>   echo $TMPF
>   + echo 2
>   2
>
>
>> I take it that you are calling the function like this: user_is_locked gaio
>> try it like this: res=$(user_is_locked gaio)
>> change all 'return' to 'echo'
>> Then check what "$res" is
> I've runm the script manually with 'bash -x', and so i've seen that LOT
> is non zero, while LOD is zero.
>
> But clearly 'LockoutTime' is in the past, and with a duration of
> zero... it is still in the past. ;-)
>
>
> So, i restate the question: how can i determine if account is locked
> with an LDAP query?!
>
>
> Thanks.
>
I think you are over thinking this ;-)

By default, a user object doesn't have a lockouttime attribute, so isn't 
locked out.

If it does have a lockouttime attribute, it can be zero or non zero, if 
it is zero, it isn't locked out. If it is non zero, the account is 
locked out.

So, all you need to do, check for the lockouttime attribute and if found 
and it isn't '0', set it to '0'

Rowland