Sm_Api_DisabledReason_t
Enumerates the reasons that a user account can be disabled.
casso10
Enumerates the reasons that a user account can be disabled.
The following APIs use Sm_Api_DisabledReason_t:
- Policy Management API
- Directory API
A user account can be disabled for multiple reasons. For example, if the User must change password at next login checkbox is checked and the administrator clicks Disable, an
nDisabledReason
parameter holds both the Sm_Api_Disabled_PWMustChange bit and the Sm_Api_Disabled_AdminDisabled bit.For examples of using Sm_Api_DisabledReason_t, see the examples under Sm_PolicyApi_SetDisabledUserState().
The following table shows the bits that can be set for disabled reason. A brief explanation of each reason, organized by reason type, follows the table.
Disabled Reason | Type | Value |
Sm_Api_Disabled_DisabledMask | Mask | 0x00ffffff |
Sm_Api_Disabled_Enabled | Mask | 0 |
Sm_Api_Disabled_AdminDisabled | Bits | 0x00000001 |
Sm_Api_Disabled_MaxLoginFail | Bits | 0x00000002 |
Sm_Api_Disabled_Inactivity | Bits | 0x00000004 |
Sm_Api_Disabled_PWExpired | Bits | 0x00000008 |
Sm_Api_Disabled_DirNativeDisabled | Bits | 0x00000010 |
Sm_Api_Disabled_PWMustChange | Qualifier | 0x01000000 |
Disabled Mask
- Sm_Api_Disabled_DisabledMaskThe disable bits mask is used to distinguish between two cases:
- When disabled bits are set, the resulting hexadecimal value begins 0x00.
- When users are forced to change their passwords, the resulting hexadecimal value begins 0x01.
- Sm_Api_Disabled_EnabledWhen a user account is enabled, the value is 0, as opposed to the other cases that have non-zero values.
Disabled Bits
A user account can be disabled for one or more of the following reasons:
- Sm_Api_Disabled_AdminDisabledDisabled by administrator.
- Sm_Api_Disabled_MaxLoginFailDisabled for maximum login failures.
- Sm_Api_Disabled_InactivityDisabled for inactivity over a period of time.
- Sm_Api_Disabled_PWExpiredDisabled for password expiration.
- Sm_Api_Disabled_DirNativeDisabledDisabled by the user repository and cannot be enabled inCA Single Sign-On. For example,CA Single Sign-Onreturns this disabled reason if an Active Directory user object expires because its accountExpires time elapsed.
Qualifier
- Sm_Api_Disabled_PWMustChangeForces a user to change his or her password during the next login. When users are forced to change their passwords, the resulting hexadecimal value begins 0x01, as opposed to 0x00.