ConductorOne · ggreer · Feb 20, 2025 · Feb 20, 2025 · Feb 20, 2025 · Feb 20, 2025
diff --git a/pkg/connector/user.go b/pkg/connector/user.go
@@ -40,6 +40,9 @@
 	attrUserPrincipalName  = "userPrincipalName"
 	attrUserAccountControl = "userAccountControl"
 	attrUserLastLogon      = "lastLogonTimestamp"
+
+	// FreeIPA (Red Hat Identity) specific attributes
+	attrNSAccountLock      = "nsAccountLock"
 )
 
 var allAttrs = []string{"*", "+"}
@@ -75,8 +78,10 @@
 func parseUserStatus(user *ldap.Entry) (v2.UserTrait_Status_Status, error) {
 	userStatus := v2.UserTrait_Status_STATUS_UNSPECIFIED
 
-	// Currently only UserAccountControlFlag from Microsoft is supported
+	// Currently only UserAccountControlFlag from Microsoft or nsAccountLock from FreeIPA is supported
 	userAccountControlFlag := user.GetEqualFoldAttributeValue(attrUserAccountControl)
+	nsAccountLockFlag := user.GetEqualFoldAttributeValue(attrNSAccountLock)
+
 	if userAccountControlFlag != "" {
 		userAccountControlFlag, err := strconv.ParseInt(userAccountControlFlag, 10, 64)
 		if err != nil {
@@ -90,7 +95,15 @@
 			userStatus = v2.UserTrait_Status_STATUS_DISABLED
 		}
 		return userStatus, nil
+	} else if nsAccountLockFlag != "" {
+		locked, _ := strconv.ParseBool(nsAccountLockFlag)
+		if locked {
+			userStatus = v2.UserTrait_Status_STATUS_DISABLED
+		} else {
+			userStatus = v2.UserTrait_Status_STATUS_ENABLED
+		}
 	}
+
 	return userStatus, nil
 }