Adjust disabled state through TEWS calls - Identity Manager
search cancel

Adjust disabled state through TEWS calls - Identity Manager

book

Article ID: 277120

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

We would like to update the disabled state through TEWS calls, but passing a value for Disabled State does not update that value in the users account.

Environment

Release : 14.x
Component : Identity Manager

Cause

Disabled State is dynamically set and is an aggregate of other attributes such as |enabled| and 'password must change' and should not be updated directly.

Resolution

To adjust the Disabled State we should be updating the |enabled| attribute. If your intention is to enable or disable a user from TEWS then the call should be to update

<_BAR_enable_BAR_>false</_BAR_enable_BAR_>

True is enabled 
False is disabled. 


Some examples:

The following creates a user as disabled, with a disabled state of 1 (admin disabled), even though a disabled state of 0 (enabled) is passed into TEWS:

        <CreateUser xmlns="http://tews6/wsdl">
            <CreateUserSearch>
                <CreateNew>true</CreateNew>
                <Organization>
                    <UniqueName>ou=im,ou=ca,o=com</UniqueName>
                    <AndLower>false</AndLower>
                </Organization>
            </CreateUserSearch>
            <CreateUserProfileTab>
            <_PCT_ORG_MEMBERSHIP_PCT_>ou=im,ou=ca,o=com</_PCT_ORG_MEMBERSHIP_PCT_>
                <_PCT_USER_ID_PCT_>test1</_PCT_USER_ID_PCT_>
                <_PCT_PASSWORD_PCT_>test1</_PCT_PASSWORD_PCT_>
                <_BAR_passwordConfirm_BAR_>test1</_BAR_passwordConfirm_BAR_>
                <_BAR_enable_BAR_>false</_BAR_enable_BAR_>
                <_PCT_FIRST_NAME_PCT_>test</_PCT_FIRST_NAME_PCT_>
                <_PCT_LAST_NAME_PCT_>one</_PCT_LAST_NAME_PCT_>
                <_PCT_FULL_NAME_PCT_>testone</_PCT_FULL_NAME_PCT_>
                <_PCT_ENABLED_STATE_PCT_>0</_PCT_ENABLED_STATE_PCT_>

            </CreateUserProfileTab>
        </CreateUser>

If you want to force a user to change their password on login:

        <CreateUser xmlns="http://tews6/wsdl">
            <CreateUserSearch>
                <CreateNew>true</CreateNew>
                <Organization>
                    <UniqueName>ou=im,ou=ca,o=com</UniqueName>
                    <AndLower>false</AndLower>
                </Organization>
            </CreateUserSearch>
            <CreateUserProfileTab>
            <_PCT_ORG_MEMBERSHIP_PCT_>ou=im,ou=ca,o=com</_PCT_ORG_MEMBERSHIP_PCT_>
                <_PCT_USER_ID_PCT_>test2</_PCT_USER_ID_PCT_>
                <_PCT_PASSWORD_PCT_>test2</_PCT_PASSWORD_PCT_>
                <_BAR_passwordConfirm_BAR_>test2</_BAR_passwordConfirm_BAR_>
                <_BAR_enable_BAR_>true</_BAR_enable_BAR_>
                <_BAR_forcePasswordReset_BAR_>true</_BAR_forcePasswordReset_BAR_>
                <_PCT_FIRST_NAME_PCT_>true</_PCT_FIRST_NAME_PCT_>
                <_PCT_LAST_NAME_PCT_>two</_PCT_LAST_NAME_PCT_>
                <_PCT_FULL_NAME_PCT_>testtwo</_PCT_FULL_NAME_PCT_>
                                
            </CreateUserProfileTab>
        </CreateUser>

This will create a user with a disabled state of 16777216 (Enabled, Password Must Change)

The above describes a create or modify user type of action. If the only change is to enable or disable a user there is a specific Enable/Disable task that could be used instead of a full user modify.

Powered by Wolken Software