InetUserStatus LDAP Attribute

From Messaging Server Technical Reference Wiki
Jump to: navigation, search

directory string (UTF-8), single-valued


Specifies the status of a user's account with regard to global server access. This attribute enables the administrator to temporarily suspend, reactivate, or permanently remove access to all services for a user account. The following table lists the values for this attribute:

Status Attribute Values
Values Description
active The user account is active and the user can use all services enabled by the overlay of service-specific object classes and the service state as indicated by the particular status attribute for that service. For example, a user can use the email system if both mailUserStatus and inetDomainStatus are set to active.
inactive The user account is inactive. The account cannot use any services granted by service-specific object classes. This state overrides individual service status set using the service's status attributes.
deleted The account is marked as deleted. The account can remain in this state within the directory for some time (pending purging of deleted users). Service requests for a user marked as deleted must return permanent failures.

A missing value implies status is active. An illegal value is treated as inactive.

There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.

The MTA option LDAP_USER_STATUS can be used to specify a different attribute to be used for user status.

For calendar services, the attributes evaluated are: inetDomainStatus, icsStatus (for icsCalendarDomain), inetUserStatus, icsStatus (for icsCalendarUser).

When this attribute applies to a static group, defined using the inetUser object class, inactivating (disabling) the group only applies to the group itself and not the users in the group.

To disable the users of a group, create a dynamic group by assigning roles to the users, and then disable the role (which disables all users assigned to that role). For more information about roles, see the Sun Java System Directory Server Administrator's Guide.


inetUserStatus: inactive