I have a need to programmatically enable/disable a user. I am using Python's ldap module and so would like to know how to do this via ldap modify.
I used the dsutil command to enable/disable a user and the only attributes I saw that changed were nsAccountLock. However, simply modifying this attribute was not sufficient (at least in terms of dsutil status).
What do I need to do to enable/disable programmatically?
it's strange, I've tried with some basic ldapsearch/modify and dsutil commands and it works nicely on DS 18.104.22.168.1 (Solaris10/x86); which version are you using?
The reason could also be that in the end nsAccountLock is a 'virtual attribute' that is computed based on the role:
try checking the nscpentrywsi before/after to see exactly what it does, or enable the audit logging to have some low level details.