From d48035f728881a862330d18c2d59c5bfe2e0c09b Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Mon, 17 Jan 2022 09:20:16 +0100
Subject: [PATCH] [zmldapsync] Update ad example to exclude disabled accounts

---
 zmldapsync/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/zmldapsync/README.md b/zmldapsync/README.md
index 805a848..fa30cc0 100644
--- a/zmldapsync/README.md
+++ b/zmldapsync/README.md
@@ -96,8 +96,8 @@ domains:
     users:
       # Base DN where to look for users
       base: OU=People,DC=corp3,DC=net
-      # Filter to look for users
-      filter: '(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=Role_Mail,OU=Roles,DC=corp3,DC=net)(mail=*))'
+      # Filter to look for users. Note that this filter exclude locked user in AD. So if you lock it in AD it'll correctly be locked in Zimbra
+      filter: '(&(objectClass=user)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))(memberOf:1.2.840.113556.1.4.1941:=CN=Role_Mail,OU=Roles,DC=corp3,DC=net)(mail=*))'
       # The attribute which uniquely identify a user. Usually either uid or sAMAccountName
       # This attribute will be used as the user name in Zimbra (with the domain appended)
       key: sAMAccountName