This content has been marked as final. Show 2 replies
it's strange, I've tried with some basic ldapsearch/modify and dsutil commands and it works nicely on DS 220.127.116.11.1 (Solaris10/x86); which version are you using?
The reason could also be that in the end nsAccountLock is a 'virtual attribute' that is computed based on the role:
try checking the nscpentrywsi before/after to see exactly what it does, or enable the audit logging to have some low level details.