We would like to update the disabled state through TEWS calls, but passing a value for Disabled State does not update that value in the users account.
Identity Manager
Disabled State is dynamically set and is an aggregate of other attributes such as |enabled| and 'password must change' and should not be updated directly.
To adjust the Disabled State we should be updating the |enabled| attribute. If your intention is to enable or disable a user from TEWS then the call should be to update
<_BAR_enable_BAR_>false</_BAR_enable_BAR_>
True is enabled
False is disabled.
Some examples:
The following creates a user as disabled, with a disabled state of 1 (admin disabled), even though a disabled state of 0 (enabled) is passed into TEWS:
<CreateUser xmlns="http://tews6/wsdl">
<CreateUserSearch>
<CreateNew>true</CreateNew>
<Organization>
<UniqueName>ou=im,ou=ca,o=com</UniqueName>
<AndLower>false</AndLower>
</Organization>
</CreateUserSearch>
<CreateUserProfileTab>
<_PCT_ORG_MEMBERSHIP_PCT_>ou=im,ou=ca,o=com</_PCT_ORG_MEMBERSHIP_PCT_>
<_PCT_USER_ID_PCT_>test1</_PCT_USER_ID_PCT_>
<_PCT_PASSWORD_PCT_>test1</_PCT_PASSWORD_PCT_>
<_BAR_passwordConfirm_BAR_>test1</_BAR_passwordConfirm_BAR_>
<_BAR_enable_BAR_>false</_BAR_enable_BAR_>
<_PCT_FIRST_NAME_PCT_>test</_PCT_FIRST_NAME_PCT_>
<_PCT_LAST_NAME_PCT_>one</_PCT_LAST_NAME_PCT_>
<_PCT_FULL_NAME_PCT_>testone</_PCT_FULL_NAME_PCT_>
<_PCT_ENABLED_STATE_PCT_>0</_PCT_ENABLED_STATE_PCT_>
</CreateUserProfileTab>
</CreateUser>
If you want to force a user to change their password on login:
<CreateUser xmlns="http://tews6/wsdl">
<CreateUserSearch>
<CreateNew>true</CreateNew>
<Organization>
<UniqueName>ou=im,ou=ca,o=com</UniqueName>
<AndLower>false</AndLower>
</Organization>
</CreateUserSearch>
<CreateUserProfileTab>
<_PCT_ORG_MEMBERSHIP_PCT_>ou=im,ou=ca,o=com</_PCT_ORG_MEMBERSHIP_PCT_>
<_PCT_USER_ID_PCT_>test2</_PCT_USER_ID_PCT_>
<_PCT_PASSWORD_PCT_>test2</_PCT_PASSWORD_PCT_>
<_BAR_passwordConfirm_BAR_>test2</_BAR_passwordConfirm_BAR_>
<_BAR_enable_BAR_>true</_BAR_enable_BAR_>
<_BAR_forcePasswordReset_BAR_>true</_BAR_forcePasswordReset_BAR_>
<_PCT_FIRST_NAME_PCT_>true</_PCT_FIRST_NAME_PCT_>
<_PCT_LAST_NAME_PCT_>two</_PCT_LAST_NAME_PCT_>
<_PCT_FULL_NAME_PCT_>testtwo</_PCT_FULL_NAME_PCT_>
</CreateUserProfileTab>
</CreateUser>
This will create a user with a disabled state of 16777216 (Enabled, Password Must Change)
The above describes a create or modify user type of action. If the only change is to enable or disable a user there is a specific Enable/Disable task that could be used instead of a full user modify.