InetUserStatus LDAP Attribute
- directory string (UTF-8), single-valued
Specifies the status of a user's account with regard to global server access. This attribute enables the administrator to temporarily suspend, reactivate, or permanently remove access to all services for a user account. The following table lists the values for this attribute:
|active||The user account is active and the user can use all services enabled by the overlay of service-specific object classes and the service state as indicated by the particular status attribute for that service. For example, a user can use the email system if both mailUserStatus and inetDomainStatus are set to active.|
|inactive||The user account is inactive. The account cannot use any services granted by service-specific object classes. This state overrides individual service status set using the service's status attributes.|
|deleted||The account is marked as deleted. The account can remain in this state within the directory for some time (pending purging of deleted users). Service requests for a user marked as deleted must return permanent failures.|
A missing value implies status is
active. An illegal value is treated as
There are four status attributes that mail services look at and which are evaluated in this order:
mailUserStatus. The rule is: the first of these attributes that is set to something other than
active takes precedence over all the others.
The MTA option
LDAP_USER_STATUS can be used to specify a different attribute to be used for user status.
For calendar services, the attributes evaluated are:
When this attribute applies to a static group, defined using the
inetUser object class, inactivating (disabling) the group only applies to the group itself and not the users in the group.
To disable the users of a group, create a dynamic group by assigning roles to the users, and then disable the role (which disables all users assigned to that role). For more information about roles, see the Sun Java System Directory Server Administrator's Guide.