Mohammed Rahman wrote:
Hi,I am trying to find a standard search attribute that tells me if a user entry in LDAP is active or inactive. Anyone knows?
There is no such standard attribute.
iPlanet Directory Server 5.0 and later has a feature called account inactivation that allows the administrator to inactivate a user account without removing the user entry. For more info, see the User account management chapter of the Administrators guide (http://docs.sun.com/source/816-5606-10/password.htm#1062664).
The attribute used in iDS 5.x is called nsaccountlock. This is a virtual and operational attribute, i.e. you have to explicitly specify this attribute type in the search request to see it in the search result.
I hope this helps.
Bertold
