Can ACF2 send the SUSPEND field on the logonid record in LDS to Microsoft AD?
Article ID: 145510
ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC
How would a suspended LogonID on the ACF2 side be reflected in the AD environment? Is there an attribute that could be mapped in the LDS XREF record to reflect that the LogonID has been suspended on the ACF2 side, so that the status is passed down to AD?
Release : 16.0
Component : CA ACF2 for z/OS
Most fields on the logonid record can be sent through LDS. The logonid record contains some fields that are used internally by CA ACF2 processing and not modified directly by a security administrator or user. Logonid fields that are not inserted or modified by CA ACF2 command administration or by a user are not supported by LDAP and cannot be specified as an XREF field parameter. These fields include:
Count of system accesses
Date of last system access
Source of last system access
Time of last system access
User with set cancel/suspend/mon
Node where lid is stored
Password history 1
Password history 2
Password history 3
Password history 4
Date/Time of PRVPSWD1
Date/Time of PRVPSWD2
Date/Time of PRVPSWD3
Date/Time of PRVPSWD4
Password time of date
Halfway encrypted password flag
Date of update
To synchronize the logonid record SUSPEND field through LDS, the XREF record should specify XREF(LIDfield1/LDAPattribute1Name/LDAPattribute1FieldType/LDAPattribute1DataFormat). For the SUSPEND field, the XREF record would look like XREF(SUSPEND/LDAPattribute1Name/CHARACTER/YN); replace LDAPattribute1Name with an attribute in Microsoft AD.