Sun Identity Manager 8.1 Resources Reference

Disable Accounts without the nsmanageddisabledrole and nsAccountLock Attributes

If the nsmanageddisabledrole and nsAccountLock attributes are not available on your directory server, but the directory server has a similar method of disabling accounts, enter one of the following class names into the LDAP Activation Method field. The value to enter in the LDAP Activation Parameter field varies, depending on the class.

Class Name  

When to Use:  

com.waveset.adapter.util.ActivationByAttributeEnableFalse

The directory server enables an account by setting an attribute to false, and disables an account by setting the attribute to true. 

Add the attribute to the schema map. Then enter the Identity Manager name for the attribute (defined on the left side of the schema map) in the LDAP Activation Parameter field.

com.waveset.adapter.util.ActivationByAttributeEnableTrue

The directory server enables an account by setting an attribute to true, and disables an account by setting the attribute to false. 

Add the attribute to the schema map. Then enter the Identity Manager name for the attribute (defined on the left side of the schema map) in the LDAP Activation Parameter field.

com.waveset.adapter.util.ActivationByAttributePullDisablePushEnable

Identity Manager should disable accounts by pulling an attribute/value pair from LDAP and enable accounts by pushing an attribute/value pair to LDAP. 

Add the attribute to the schema map. Then enter the attribute/value pair in the LDAP Activation Parameter field. Use the Identity Manager name for the attribute, as defined on the left side of the schema map.

com.waveset.adapter.util.ActivationByAttributePushDisablePullEnable

Identity Manager should disable accounts by pushing an attribute/value pair to LDAP and enable accounts by pulling an attribute/value pair from LDAP. 

Add the attribute to the schema map. Then enter the attribute/value pair in the LDAP Activation Parameter field. Use the Identity Manager name for the attribute, as defined on the left side of the schema map.

com.waveset.adapter.util.ActivationNsManagedDisabledRole

The directory uses a specific role to determine the account status. If an account is assigned to this role, the account is disabled. 

Add the role name to the schema map. Then enter a value in the LDAP Activation Parameter field, using the following format:

IDMAttribute=CN=roleName,baseContext

IDMAttribute is the Identity Manager name for the role, as defined on the left side of the schema map.
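The following added example (not code from this reference or from Identity Manager) models the activation methods in the table so that an audit can check whether accounts that should be disabled actually are disabled in the directory. It assumes that "pulling" a pair means the value is absent from the entry and "pushing" means it is present. The function names, schema map, attribute names and entries are hypothetical, constructed sample data.

```python
# Added example, not Identity Manager code. Function and variable names are hypothetical.

def _values(entry, ldap_attr):
    """Values of one attribute, lower-cased; LDAP attribute names are case-insensitive."""
    for name, vals in entry.items():
        if name.lower() == ldap_attr.lower():
            return [v.strip().lower() for v in vals]
    return []

def account_state(method, parameter, schema_map, entry):
    """Return 'enabled', 'disabled' or 'unknown' for one directory entry."""
    cls = method.rsplit(".", 1)[-1]
    # Split on the first '=' only: a role DN such as CN=roleName,baseContext contains '='.
    idm_name, _, wanted = parameter.partition("=")
    # The parameter uses the Identity Manager name (left side of the schema map).
    ldap_attr = schema_map[idm_name.strip()]
    vals = _values(entry, ldap_attr)
    wanted = wanted.strip().lower()  # simplification: plain string match, no DN normalization
    if cls in ("ActivationByAttributeEnableTrue", "ActivationByAttributeEnableFalse"):
        if not vals or vals[0] not in ("true", "false"):
            return "unknown"  # assumption: an absent or non-boolean value decides nothing
        enabled = (vals[0] == "true") == cls.endswith("EnableTrue")
    elif cls == "ActivationByAttributePullDisablePushEnable":
        enabled = wanted in vals       # pair present (pushed) means enabled
    elif cls in ("ActivationByAttributePushDisablePullEnable",
                 "ActivationNsManagedDisabledRole"):
        enabled = wanted not in vals   # pair or role present means disabled
    else:
        raise ValueError("unsupported activation method: " + method)
    return "enabled" if enabled else "disabled"

def still_active(entries, method, parameter, schema_map):
    """DNs of accounts that are expected to be disabled but are not."""
    return [dn for dn, e in entries.items()
            if account_state(method, parameter, schema_map, e) != "disabled"]

# Constructed sample data: schema map (Identity Manager name -> LDAP attribute)
# and two entries that an offboarding process should have disabled.
SCHEMA_MAP = {"disabledRole": "nsRoleDN", "locked": "loginDisabled"}
ROLE_PARAM = "disabledRole=CN=disabled,dc=example,dc=com"
ENTRIES = {
    "uid=alice,ou=people,dc=example,dc=com": {"nsroledn": ["cn=Disabled,dc=example,dc=com"],
                                              "loginDisabled": ["TRUE"]},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": ["bob"]},
}

if __name__ == "__main__":
    method = "com.waveset.adapter.util.ActivationNsManagedDisabledRole"
    print(still_active(ENTRIES, method, ROLE_PARAM, SCHEMA_MAP))
```

An `unknown` result for the two boolean classes counts as not disabled in `still_active`, so entries that lack the attribute are reported for review.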