This content has been marked as final. Show 2 replies
it's strange, I've tried with some basic ldapsearch/modify and dsutil commands and it works nicely on DS 126.96.36.199.1 (Solaris10/x86); which version are you using?
The reason could also be that in the end nsAccountLock is a 'virtual attribute' that is computed based on the role:
try checking the nscpentrywsi before/after to see exactly what it does, or enable the audit logging to have some low level details.