the value of this attribute is checked against "true" internally in RHDS to
decide if an account is locked or not.
Even if the attribute is multi-valued by definition, internally it's considered
single-valued. Only the first value is taken into account.
Using this attribute for other purposes will interfere with password policy and
particularly if the value is different than true, the account will be considered as
I would propose to define a custom attribute to define different aspects of account
----- Original Message -----
From: "Mitja Mihelič" <mitja.mihelic(a)arnes.si>
To: "General discussion list for the 389 Directory server project."
Sent: Friday, July 10, 2015 2:35:34 PM
Subject: Re: [389-users] multi-valued nsAccountLock
Reviving an old thread here, but I have been searching for the same answer.
We were thinking of using the multi-value feature to lock various
aspects of an account.
By entering values like web, mail, app would mean no access to the
Are there any ideas on the multi-value feature for nsAccountLock?
Will it be redefined as a single-value attribute allowing only true/false?
Kind regards, Mitja
On 04. 07. 2013 13:47, Pierre ROUDIER wrote:
> Hi all,
> RedHat DS's doc states that the nsAccountLock attribute is multi-valued
> Some tests with 389ds led me to think it's also true for 389ds.
> I cannot think of any reason explaining why it would have to be
> Do you have any idea?
> Thank you.
389 users mailing list
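
An added example, not part of the thread and not 389 DS code: a small LDIF audit that finds entries where nsAccountLock is used the way the thread discusses, that is, with more than one value or with a first value other than "true". The sample entries and DNs are constructed, and two things are assumptions: that the value order in the LDIF export is the order the server sees, and that the comparison against "true" is case-insensitive.

```python
import base64

# Constructed sample LDIF (not taken from the thread); the DNs are hypothetical.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
nsAccountLock: true

dn: uid=bob,ou=People,dc=example,dc=com
nsAccountLock: web
nsAccountLock: mail

dn: uid=carol,ou=People,dc=example,dc=com
nsAccountLock:: dHJ1ZQ==
nsAccountLock: app
"""

def parse_ldif(text):
    """Yield (dn, {lowercased attr: [values in file order]}) per entry."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # RFC 2849 folded continuation
        elif not line.startswith("#"):
            unfolded.append(line)
    entry = {}
    for line in unfolded + [""]:              # trailing "" flushes last entry
        if not line.strip():
            if "dn" in entry:
                yield entry["dn"][0], entry
            entry = {}
            continue
        name, _, rest = line.partition(":")
        value = rest.lstrip(":").strip()
        if rest.startswith(":"):              # "attr:: <base64 value>"
            value = base64.b64decode(value).decode("utf-8")
        entry.setdefault(name.strip().lower(), []).append(value)

def audit_nsaccountlock(text):
    """Return {dn: [findings]} for entries that misuse nsAccountLock."""
    report = {}
    for dn, attrs in parse_ldif(text):
        values = attrs.get("nsaccountlock", [])
        findings = []
        if len(values) > 1:                   # only the first value is used
            findings.append("extra values ignored: %r" % values[1:])
        if values and values[0].lower() != "true":  # assumption: case-insensitive
            findings.append("first value %r is not 'true'" % values[0])
        if findings:
            report[dn] = findings
    return report
```

Running `audit_nsaccountlock` over an export of the user subtree lists the entries to migrate before moving per-service flags such as web, mail or app to a custom attribute.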