This content has been marked as final. Show 2 replies
it's strange, I've tried with some basic ldapsearch/modify and dsutil commands and it works nicely on DS 22.214.171.124.1 (Solaris10/x86); which version are you using?
The reason could also be that in the end nsAccountLock is a 'virtual attribute' that is computed based on the role:
try checking the nscpentrywsi before/after to see exactly what it does, or enable the audit logging to have some low level details.
Thanks. I will go try your experiment to see if it helps give insight into what dsutil is doing behind the scenes.