From 21f86fd4e68209f112f49c37224662d3d9f9474e Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Sun, 16 Jan 2022 22:01:33 +0100
Subject: [PATCH] [zmldapsync] Handle locked accounts

---
 zmldapsync/zmldapsync.pl | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/zmldapsync/zmldapsync.pl b/zmldapsync/zmldapsync.pl
index 3f77aa5..ef2ac84 100755
--- a/zmldapsync/zmldapsync.pl
+++ b/zmldapsync/zmldapsync.pl
@@ -395,6 +395,13 @@ DOMAIN: foreach my $domain ( keys %{$conf->{domains}} ) {
         $attrs .= " zimbraAuthLdapExternalDn " . zim_attr_value( $ext_users->{$user}->{dn} );
       }
 
+      # Check if user is locked in Zimbra, and if so, unlock it
+      # An account from LDAP should get out of the search filter to get locked
+      if ( $zim_users->{$user}->{zimbraAccountStatus} eq 'locked' ) {
+        log_verbose( "User $user is " . $zim_users->{$user}->{zimbraAccountStatus} . " in Zimbra, will be set to active" );
+        $attrs .= " zimbraAccountStatus active ";
+      }
+
       if ( $attrs ne '' ) {
         # Some attribute must change, we need to update Zimbra
         log_verbose( "User $user has changed in external LDAP, updating it" );
@@ -966,7 +973,7 @@ sub get_default_conf {
         start_tls => 1
       },
       users => {
-        filter     => '(&(objectClass=user)(mail=*))',
+        filter     => '(&(objectClass=user)(mail=*)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))',
         key        => 'sAMAccountName',
         mail_attr  => 'mail',
         alias_attr => 'otherMailbox',