Changing Status attribute of a user in LDAP user store
search cancel

Changing Status attribute of a user in LDAP user store

book

Article ID: 373926

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction

On VIP Authentication Hub (AuthHub) 2.2.6, we found that AuthHub changed employeeType attribute (which is mapped to Status attribute) value to 2 in LDAP user store when a user reached 3 attempts of login failure.
Is this a correct AuthHub behavior? Do we have a parameter that defines this behavior?

Environment

VIP Authentication Hub 2.2.6, 3.x or later

Resolution

When we set isAuthoritativeForIDLCM  to 'true' in the LDAP configuration, then AuthHub will change Status (mapped to employeeType) attribute value to 2 (disabled, with Status Encoding is set to SiteMinder ) in the LDAP user store when the user is locked due to login failure more than userMaxStrikeCount value.

In the Admin Console the LDAP configuration's isAuthoritativeForIDLCM attribute is labeled as "User lock status is synced to the identity store".

 

Additional Information

For more details information please review the description of isAuthoritativeForIDLCM attribute in below documentation
  LDAP Configuration API