|
|
|
Enumerates the reasons that a user account can be disabled.
The following APIs use Sm_Api_DisabledReason_t:
Note: A user account can be disabled for multiple reasons. For example, if the User must change password at next login checkbox is checked and the administrator clicks Disable, an nDisabledReason parameter holds both the Sm_Api_Disabled_PWMustChange bit and the Sm_Api_Disabled_AdminDisabled bit.
For examples of using Sm_Api_DisabledReason_t, see the examples under Sm_PolicyApi_SetDisabledUserState().
The following table shows the bits that can be set for disabled reason. A brief explanation of each reason, organized by reason type, follows the table.
|
Disabled Reason |
Type |
Value |
|---|---|---|
|
Sm_Api_Disabled_DisabledMask |
Mask |
0x00ffffff |
|
Sm_Api_Disabled_Enabled |
Mask |
0 |
|
Sm_Api_Disabled_AdminDisabled |
Bits |
0x00000001 |
|
Sm_Api_Disabled_MaxLoginFail |
Bits |
0x00000002 |
|
Sm_Api_Disabled_Inactivity |
Bits |
0x00000004 |
|
Sm_Api_Disabled_PWExpired |
Bits |
0x00000008 |
|
Sm_Api_Disabled_DirNativeDisabled |
Bits |
0x00000010 |
|
Sm_Api_Disabled_PWMustChange |
Qualifier |
0x01000000 |
Disabled Mask
The disable bits mask is used to distinguish between two cases:
When a user account is enabled, the value is 0, as opposed to the other cases that have non-zero values.
Disabled Bits
A user account can be disabled for one or more of the following reasons:
Disabled by administrator.
Disabled for maximum login failures.
Disabled for inactivity over a period of time.
Disabled for password expiration.
Disabled by the user repository and cannot be enabled in SiteMinder. For example, SiteMinder returns this disabled reason if an Active Directory user object expires because its accountExpires time elapsed.
Qualifier
Forces a user to change his or her password during the next login. When users are forced to change their passwords, the resulting hexadecimal value begins 0x01, as opposed to 0x00.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |