Programming Guides › Programming Guide for Perl › CLI Policy Management Methods › CLI User Methods

CLI User Methods

DisableByAdmin Method—Sets or Retrieves Disabled-by-Administrator Flag

The DisableByAdmin method sets or retrieves the disabled-by-administrator flag which specifies whether the user account is disabled by the administrator.

Syntax

The DisableByAdmin method has the following format:

Netegrity::PolicyMgtUser‑>DisableByAdmin([disableFlag])

Parameters

The DisableByAdmin method accepts the following parameter:

disableFlag (int)

(Optional) Specifies a new value for the disabled-by-administrator flag.

• value = 1

  Specifies that the user account is disabled by the administrator.

• value = 0

  Specifies that the user account is not disabled by the administrator.

  Note: The user account can be disabled for other reasons. For more information, see Remarks.

Return Value

The DisableByAdmin method returns the new or existing value for the disabled-by-administrator flag:

• value = 1

  Specifies that the user account is disabled by the administrator.

• value = 0

  Specifies that the user account is not disabled by the administrator.

  Note: The user account can be disabled for other reasons. For more information, see Remarks.

• value = -1

  Specifies that the call is unsuccessful.

Remarks

User accounts can be disabled for one or more of the following reasons:

• The administrator disabled the user account.
• Account inactivity exceeded the time allowed.

  For more information, see the method PolicyMgtUser‑>DisableInactive.

• The number of login failures exceeded the maximum allowed.

  For more information, see the method PolicyMgtUser‑>DisableMaxLoginFail.

• The password expired.

  For more information, see the method PolicyMgtUser‑>DisablePwdExpired.

DisableInactive Method—Sets or Retrieves Disabled-by-Inactivity Flag

The DisableInactive method sets or retrieves the disabled-by-inactivity flag which specifies whether the user account is disabled because account inactivity exceeded the time allowed.

Syntax

The DisableInactive method has the following format:

Netegrity::PolicyMgtUser‑>DisableInactive([disableFlag])

Parameters

The DisableInactive method accepts the following parameter:

disableFlag (int)

(Optional) Specifies a new value for the disabled-by-inactivity flag.

• value = 1

Specifies that the user account is disabled because of inactivity.

• value = 0

Specifies that the user account is not disabled because of inactivity.

Note: The user account can be disabled for other reasons. For more information, see Remarks.

Return Value

The DisableInactive method returns the new or existing value for the disabled-by-inactivity flag:

• value = 1

  Specifies that the user account is disabled because of inactivity.

• value = 0

  Specifies that the user account is not disabled because of inactivity.

  Note: The user account can be disabled for other reasons. For more information, see Remarks.

• value = -1

  Specifies that the call is unsuccessful.

Remarks

User accounts can be disabled for one or more of the following reasons:

• The administrator disabled the user account.

  For more information, see the method PolicyMgtUser‑>DisableByAdmin.

• Account inactivity exceeded the time allowed.
• The number of login failures exceeded the maximum allowed.

  For more information, see the method PolicyMgtUser‑>DisableMaxLoginFail.

• The password expired.

  For more information, see the method PolicyMgtUser‑>DisablePwdExpired.

DisableMaxLoginFail Method—Sets or Retrieves Disabled-by-Max-Login-Failure Flag

The DisableMaxLoginFail method sets or retrieves the disabled-by-max-login-failure flag which specifies whether the user account is disabled because the number of login failures exceeded the maximum allowed.

Syntax

The DisableMaxLoginFail method has the following format:

Netegrity::PolicyMgtUser‑>DisableMaxLoginFail([disableFlag])

Parameters

The DisableMaxLoginFail method accepts the following parameter:

disableFlag (int)

(Optional) Specifies a new value for the disabled-by-max-login-failure flag.

• value = 1

  Specifies that the user account is disabled because the number of login failures exceeded the maximum allowed.

• value = 0

  Specifies that the user account is not disabled because the number of login failures exceeded the maximum allowed.

  Note: The user account can be disabled for other reasons. For more information, see Remarks.

Return Value

The DisableMaxLoginFail method returns the new or existing value for the disabled-by-max-login-failure flag:

• value = 1

  Specifies that the user account is disabled because the number of login failures exceeded the maximum allowed.

• value = 0

  Specifies that the user account is not disabled because the number of login failures exceeded the maximum allowed.

  Note: The user account can be disabled for other reasons. For more information, see Remarks.

• value = -1

  Specifies that the call is unsuccessful.

Remarks

User accounts can be disabled for one or more of the following reasons:

• The administrator disabled the user account.

  For more information, see the method PolicyMgtUser‑>DisableByAdmin.

• Account inactivity exceeded the time allowed.

  For more information, see the method PolicyMgtUser‑>DisableInactive.

• The number of login failures exceeded the maximum allowed.
• The password expired.

  For more information, see the method PolicyMgtUser‑>DisablePwdExpired.

DisablePwdExpired Method—Sets or Retrieves Disabled-by-Password-Expired Flag

The DisablePwdExpired method sets or retrieves the disabled-by-password-expired flag that specifies whether the user account is disabled because the password expired.

Syntax

The DisablePwdExpired method has the following format:

Netegrity::PolicyMgtUser‑>DisablePwdExpired([disableFlag])

Parameters

The DisablePwdExpired method accepts the following parameter:

disableFlag (int)

(Optional) Specifies a new value for the disabled-by-password-expired flag.

• value = 1

  Specifies that the user account is disabled because the password expired.

• value = 0

  Specifies that the user account is not disabled because the password expired.

• Note: The user account can be disabled for other reasons. For more information, see Remarks.

Return Value

The DisablePwdExpired method returns the new or existing value for the disabled-by-password-expired flag:

• value = 1

  Specifies that the user account is disabled because the password expired.

• value = 0

  Specifies that the user account is not disabled because the password expired.

  Note: The user account can be disabled for other reasons. For more information, see Remarks.

• value = -1

  Specifies that the call is unsuccessful.

Remarks

User accounts can be disabled for one or more of the following reasons:

• The administrator disabled the user account.

  For more information, see the method PolicyMgtUser‑>DisableByAdmin.

• Account inactivity exceeded the time allowed.

  For more information, see the method PolicyMgtUser‑>DisableInactive.

• The number of login failures exceeded the maximum allowed.

  For more information, see the method PolicyMgtUser‑>DisableMaxLoginFail.

• The password expired.

ForcePwdChange Method—Sets or Retrieves Force-Password-Change Flag

The ForcePwdChange method sets or retrieves the force-password-change flag that specifies whether to force a password change at the next user login.

Syntax

The ForcePwdChange method has the following format:

Netegrity::PolicyMgtUser‑>ForcePwdChange([forceFlag])

Parameters

The ForcePwdChange method accepts the following parameter:

forceFlag (int)

(Optional) Specifies whether to force a password change at the next user login.

• value = 1

  Specifies forcing a password change at the next user login.

• value = 0

  Specifies not forcing a password change at the next user login.

Return Value

The ForcePwdChange method returns the new or existing value for the force-password-change flag.

• value = 1

  Specifies forcing a password change at the next user login.

• value = 0

  Specifies not forcing a password change at the next user login.

• value = -1

  Specifies that the call is unsuccessful.

GetClass Method—Retrieves User Class

The GetClass method retrieves the user class.

Syntax

The GetClass method has the following format:

Netegrity::PolicyMgtUser‑>GetClass()

Parameters

The GetClass method accepts no parameters.

Return Value

The GetClass method returns one of the following values:

• user_class

  Example: "organization"

• undef if the call is unsuccessful

GetPath Method—Retrieves User Path

The GetPath method retrieves the user path. The user path is the distinguished name (DN).

Syntax

The GetPath method has the following format:

Netegrity::PolicyMgtUser‑>GetPath()

Parameters

The GetPath method accepts no parameters.

Return Value

The GetPath method returns one of the following values:

• user_path

  Specifies the user path or distinguished name (DN).

• undef

  Specifies that the call is unsuccessful.

SetPassword Method—Sets a New Password

The SetPassword method sets a new password for the user.

Syntax

The SetPassword method has the following format:

Netegrity::PolicyMgtUser‑>SetPassword(newPwd[, oldPwd])

Parameters

The SetPassword method accepts the following parameters:

newPwd (string)

Specifies the new password.

oldPwd (string)

(Optional) Specifies the old password to change.

Note: If provided, this value must match the existing password in the user directory.

Return Value

The SetPassword method returns one of the following values:

• value = 0

  Specifies that the password change is successful.

• value = -1

  Specifies that the password change is unsuccessful.

UserPasswordState Method—Sets or Retrieves Password State Object

The UserPasswordState method sets or retrieves the password state object for the current user. Setting a new password state object updates the object's attributes with any changes that have been made. This method also clears the password history if specified by the empty-history flag.

Syntax

The UserPasswordState method has the following format:

Netegrity::PolicyMgtUser‑>UserPasswordState([pPwState][, emptyHistoryFlag])

Parameters

The UserPasswordState method accepts the following parameters:

pPwState (PolicyMgtUserPasswordState)

(Optional) Specifies the new password state object to set.

emptyHistoryFlag (int)

(Optional) Specifies whether to clear the password history.

• value = 0 (default)

  Specifies not clearing the password history.

• value = 1

  Specifies clearing the password history.

  Note: Clearing the password history sets the last-password-change-time attribute to 0. For more information, see the method PolicyMgtUserPasswordState‑>LastPWChangeTime.

Return Value

The UserPasswordState method returns one of the following values:

• PolicyMgtUserPasswordState (object)
• undef if the call is unsuccessful

ValidatePassword Method—Validates Password

The ValidatePassword method determines whether the user's password conforms to the password policy. Call ValidatePassword before calling the method SetPassword.

Syntax

The ValidatePassword method has the following format:

Netegrity::PolicyMgtUser‑>ValidatePassword(password)

Parameters

The ValidatePassword method accepts the following parameters:

password (string)

Specifies the password to validate.

Return Value

The ValidatePassword method returns one of the following values:

• value = 0

  Specifies that the password is valid.

• value = -1

  Specifies that the password is not valid.