On the Resource Parameters page, set the LDAP Activation Method field to nsaccountlock.
Set the LDAP Activation Parameter field to IDMAttribute=true. (IDMAttribute will be specified on the schema in the next step.) For example, accountLockAttr=true.
On the Account Attributes page, add the value specified in the LDAP Activation Parameter field as an Identity System User attribute. Set the Resource User attribute to nsaccountlock. The attribute must be of type string.
Set the nsAccountLock LDAP attribute on the resource to true.
Identity Manager sets nsaccountlock to true when disabling an account. It also assumes that pre-existing LDAP users that have nsaccountlock set to true are disabled. If the nsaccountlock has any value other than true (including null), the system concludes the user is enabled.