Sun Identity Manager 8.1 Resources Reference

ProcedureConfiguring the LDAP Resource to Use the nsmanageddisabledrole LDAP Role

  1. On the Resource Parameters page, set the LDAP Activation Method field to nsmanageddisabledrole.

  2. Set the LDAP Activation Parameter field to IDMAttribute=CN=nsmanageddisabledrole,baseContext. (IDMAttribute will be specified on the schema in the next step.)

  3. On the Account Attributes page, add IDMAttribute as an Identity System User attribute. Set the Resource User attribute to nsroledn. The attribute must be of type string.

  4. Create a group named nsAccountInactivationTmp on the LDAP resource and assign CN=nsdisabledrole,baseContext as a member.

    LDAP accounts can now be disabled. To verify using the LDAP console, check the value of the nsaccountlock attribute. A value of true indicates the account is locked.

    If the account is later re-enabled, the account is removed from the role.