The user_enabled_invert setting is supposed to invert the meaning of True/False for the user enabled attribute. This makes "lock" attributes useful, where "False" indicates that an account is not locked.
The invert logic expects that we have a bool type that we then invert using 'not' in this snippet of code from UserApi._ldap_res_to_model:
--------------------------------------------------------------------
elif self.enabled_invert and not self.enabled_emulation:
    enabled = obj.get('enabled', self.enabled_default)
    obj['enabled'] = not enabled
--------------------------------------------------------------------
The problem is that we get a bool type from the default value, and a str type from LDAP. Evaluating a string with 'not' will be False for any non-empty string. This means that we will fail to invert a string of "False" that is returned from LDAP, leading to accounts being inadvertently disabled. This code needs to handle converting a str type to bool before inverting the value.
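The failure described above, reproduced as an added example together with one way to convert before inverting. This is not Keystone's code or its actual fix; the function names, the sample records and the default of False are assumptions made for illustration.

```python
# Added illustration; all names here are hypothetical, not Keystone's own.

def invert_enabled_buggy(obj, enabled_default=False):
    """Mirrors the reported snippet: applies 'not' to whatever type arrives."""
    enabled = obj.get('enabled', enabled_default)
    return not enabled


def ldap_value_to_bool(value):
    """Convert a bool, or an LDAP boolean string such as 'TRUE'/'False', to bool."""
    if isinstance(value, bool):
        return value
    if isinstance(value, bytes):
        value = value.decode('utf-8')
    if isinstance(value, str):
        normalized = value.strip().lower()
        if normalized == 'true':
            return True
        if normalized == 'false':
            return False
    # Refuse to guess: an unparseable lock attribute must not silently
    # flip an account to enabled or disabled.
    raise ValueError('unrecognised boolean value: %r' % (value,))


def invert_enabled_fixed(obj, enabled_default=False):
    """Convert to bool first, then invert."""
    return not ldap_value_to_bool(obj.get('enabled', enabled_default))


# Constructed sample records: the lock attribute as it might arrive from LDAP.
SAMPLES = [
    {'name': 'alice', 'enabled': 'False'},  # not locked, so should be enabled
    {'name': 'bob', 'enabled': 'True'},     # locked, so should be disabled
    {'name': 'carol'},                      # attribute absent, default applies
]


def compare(samples=SAMPLES):
    """Return (name, buggy_result, fixed_result) for each record."""
    return [(s['name'], invert_enabled_buggy(s), invert_enabled_fixed(s))
            for s in samples]


if __name__ == '__main__':
    for name, buggy, fixed in compare():
        print('%-6s buggy=%-5s fixed=%s' % (name, buggy, fixed))
```

Only the record whose lock attribute is the string "False" differs between the two functions, which is exactly the case where an unlocked account ends up disabled.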