When we send an LDAP query to IM Provisioning Server to find Active Directory account, eTSuspended attribute may not be returned depending on query details.
When we use subtree scope, base DN as endpoint DN, and we have a filter containing (objectClass=eTADSAccount), eTSuspened value is not reurned, even if explicitly requested.
I.e. such request:
ldapsearch -LLL -h <IMPS hostname> -p 20389 -s sub -D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -W -b "eTADSDirectoryName=<AD endpoint name>,eTNamespaceName=ActiveDirectory,dc=im,dc=eta" "(&(objectClass=eTADSAccount)(eTADSAccountName=<AD account name>))" eTSuspended
does not return eTSuspended
Release : 14.x
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
Remove (objectClass=eTADSAccount) from LDAP filter.
This issue will be fixed in future IM releases.