lib/cratus/user.rb in cratus-0.2.4 vs lib/cratus/user.rb in cratus-0.2.5

@@ -32,11 +32,27 @@
 
     def lockouttime
       @raw_ldap_data[Cratus.config.user_lockout_attribute].last
     end
 
+    # https://fossies.org/linux/web2ldap/pylib/w2lapp/schema/plugins/activedirectory.py
+    # https://msdn.microsoft.com/en-us/library/windows/desktop/ms676843(v=vs.85).aspx
+    #
     def locked?
-      lockouttime != '0'
+      return false if lockouttime == '0'
+      epoch = 116_444_736_000_000_000
+      current = Time.now.to_i * 10_000_000
+      current - (lockouttime - epoch) < lockoutduration
+    end
+
+    def lockoutduration
+      raw_results = Cratus::LDAP.search(
+        '(objectClass=domain)',
+        basedn: Cratus.config.basedn,
+        attrs: 'lockoutDuration',
+        scope: 'object'
+      ).last
+      Integer(raw_results[:lockoutduration].last) * -1
     end
 
     def member_of
       memrof_attr = Cratus.config.user_memberof_attribute
       # TODO: move the search filter to a configurable param