'*PK*' will allow a 'locked' account to login in certain situations, remove it for...

[mirror/userdir-ldap.git] / ud-generate

diff --git a/ud-generate b/ud-generate
index 8baf226..f7c929e 100755 (executable)
--- a/ud-generate
+++ b/ud-generate
@@ -4,8 +4,8 @@
 
 #   Copyright (c) 2000-2001  Jason Gunthorpe <jgg@debian.org>
 #   Copyright (c) 2003-2004  James Troup <troup@debian.org>
-#   Copyright (c) 2004-2005  Joey Schulze <joey@infodrom.org>
-#   Copyright (c) 2001-2006  Ryan Murray <rmurray@debian.org>
+#   Copyright (c) 2004-2005,7  Joey Schulze <joey@infodrom.org>
+#   Copyright (c) 2001-2007  Ryan Murray <rmurray@debian.org>
 #
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
@@ -364,7 +364,8 @@ def GenPrivate(l,File):
          continue;
 
       # If the account is locked, do not write it
-      if (string.find(GetAttr(x,"userPassword"),"*LK*")  != -1):
+      if (string.find(GetAttr(x,"userPassword"),"*LK*")  != -1) \
+             or (string.find(GetAttr(x,"userPassword"),"*PK*")  != -1):
          continue;
 
       # If the account has no PGP key, do not write it
@@ -403,8 +404,7 @@ def GenMailDisable(l,File):
       Reason = None
       
       # If the account is locked, disable incoming mail
-      if (string.find(GetAttr(x,"userPassword"),"*LK*")  != -1) or \
-         x[1].has_key("keyFingerPrint") == 0:
+      if (string.find(GetAttr(x,"userPassword"),"*LK*")  != -1):
          Reason = "user account locked"
       else:
          if x[1].has_key("mailDisableMessage"):