Adjust disabled state through TEWS calls.
search cancel

Adjust disabled state through TEWS calls.

book

Article ID: 277120

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

We would like to update the disabled state through TEWS calls, but passing a value for Disabled State does not update that value in the users account. 

Environment

Identity Manager

Cause

Disabled State is dynamically set and is an aggregate of other attributes such as |enabled| and 'password must change' and should not be updated directly. 

Resolution

To adjust the Disabled State we should be updating the |enabled| attribute.  If your intention is to enable or disable a user from TEWS then the call should be to update

<_BAR_enable_BAR_>false</_BAR_enable_BAR_>

True is enabled 
False is disabled. 


Some examples: 

The following creates a user as disabled, with a disabled state of 1 (admin disabled), even though a disabled state of 0 (enabled) is passed into TEWS:

        <CreateUser xmlns="http://tews6/wsdl">
            <CreateUserSearch>
                <CreateNew>true</CreateNew>
                <Organization>
                    <UniqueName>ou=im,ou=ca,o=com</UniqueName>
                    <AndLower>false</AndLower>
                </Organization>
            </CreateUserSearch>
            <CreateUserProfileTab>
            <_PCT_ORG_MEMBERSHIP_PCT_>ou=im,ou=ca,o=com</_PCT_ORG_MEMBERSHIP_PCT_>
                <_PCT_USER_ID_PCT_>test1</_PCT_USER_ID_PCT_>
                <_PCT_PASSWORD_PCT_>test1</_PCT_PASSWORD_PCT_>
                <_BAR_passwordConfirm_BAR_>test1</_BAR_passwordConfirm_BAR_>
                <_BAR_enable_BAR_>false</_BAR_enable_BAR_>
                <_PCT_FIRST_NAME_PCT_>test</_PCT_FIRST_NAME_PCT_>
                <_PCT_LAST_NAME_PCT_>one</_PCT_LAST_NAME_PCT_>
                <_PCT_FULL_NAME_PCT_>testone</_PCT_FULL_NAME_PCT_>
                <_PCT_ENABLED_STATE_PCT_>0</_PCT_ENABLED_STATE_PCT_>

            </CreateUserProfileTab>
        </CreateUser>

 


If you want to force a user to change their password on login:

        <CreateUser xmlns="http://tews6/wsdl">
            <CreateUserSearch>
                <CreateNew>true</CreateNew>
                <Organization>
                    <UniqueName>ou=im,ou=ca,o=com</UniqueName>
                    <AndLower>false</AndLower>
                </Organization>
            </CreateUserSearch>
            <CreateUserProfileTab>
            <_PCT_ORG_MEMBERSHIP_PCT_>ou=im,ou=ca,o=com</_PCT_ORG_MEMBERSHIP_PCT_>
                <_PCT_USER_ID_PCT_>test2</_PCT_USER_ID_PCT_>
                <_PCT_PASSWORD_PCT_>test2</_PCT_PASSWORD_PCT_>
                <_BAR_passwordConfirm_BAR_>test2</_BAR_passwordConfirm_BAR_>
                <_BAR_enable_BAR_>true</_BAR_enable_BAR_>
                <_BAR_forcePasswordReset_BAR_>true</_BAR_forcePasswordReset_BAR_>
                <_PCT_FIRST_NAME_PCT_>true</_PCT_FIRST_NAME_PCT_>
                <_PCT_LAST_NAME_PCT_>two</_PCT_LAST_NAME_PCT_>
                <_PCT_FULL_NAME_PCT_>testtwo</_PCT_FULL_NAME_PCT_>
                                
            </CreateUserProfileTab>
        </CreateUser>

This will create a user with a  disabled state of 16777216 (Enabled, Password Must Change)




Additional Information

The above describes a create or modify user type of action.    If the only change is to enable or disable a user there is a specific Enable/Disable task that could be used instead of a full user modify.