I’ve read Q&A: How can I identify a deactivated user. This works with univention-ldapsearch, but I’m not able to get it running with pythons ldap3:
search(search_base=LDAP_BASE_DN,
search_scope=ldap3.SUBTREE,
search_filter="(&(objectCategory=user)(memberOf={}))".format(groupDN),
attributes= ["displayName","shadowExpire","sambaAcctFlags","krb5KDCFlags"])
returns error “ldap3.core.exceptions.LDAPAttributeError: invalid attribute type sambaAcctFlags”, same for krb5KDCFlags. Only shadowExpire is accepted, but always returns an empty list.
If I exclude sambaAcctFlags and krb5KDCFlags from ldap3 attribute check, the query is accepted, but both
attributes return empty lists too.
Does anyone know how to get this running?
Thanks,
Mathias