[Samba] Account locked and delayed user data propagation...
Marco Gaiarin
gaio at sv.lnf.it
Thu Dec 5 08:44:41 UTC 2019
Mandi! Rowland penny via samba
In chel di` si favelave...
> As I said, if 'lockoutTime' isn't set or it is set to '0', then the user
> isn't locked out, anything else and it is, but I do not believe that you can
> set it to anything else but '0' manually, only the system can do this.
> This is where 'lockoutDuration' comes in, the account should be unlocked
> when 'lockoutTime' + 'lockoutDuration' = NOW.
> However, you want to script (presumably when someone contacts you and
> screams 'I cannot log in') a way to unlock the user, the only way to do this
> is to set 'lockoutTime' to '0' regardless of what it is set to now.
Exactly. The function now appear as:
user_is_locked () {
local LOT=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" lockoutTime | grep "^lockoutTime: " | cut -d ' ' -f 2-)
if [ -z "${LOT}" ] || [ ${LOT} -eq 0 ]; then
return 1
fi
local LOD=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" lockoutDuration | grep "^lockoutDuration: " | cut -d ' ' -f 2-)
if [ -z "${LOD}" ] || [ ${LOD} -eq 0 ]; then
return 0
fi
TMPF=$(w2u "$((${LOT} + ${LOD}))")
if [ ${TMPF} -gt ${NOW} ]; then
return 0
fi
return 1
}
And finally seems to work. ;-)
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list