CLI User Methods
Contents
casso126
Contents
DisableByAdmin Method Sets or Retrieves Disabled-by-Administrator Flag
The DisableByAdmin method sets or retrieves the disabled-by-administrator flag which specifies whether the user account is disabled by the administrator.
Syntax
The DisableByAdmin method has the following format:
Netegrity::PolicyMgtUser->DisableByAdmin([disableFlag])
Parameters
The DisableByAdmin method accepts the following parameter:
- disableFlag(int)(Optional) Specifies a new value for the disabled-by-administrator flag.
- value = 1Specifies that the user account is disabled by the administrator.
- value = 0Specifies that the user account is not disabled by the administrator.Note:The user account can be disabled for other reasons. For more information, see Remarks.
Return Value
The DisableByAdmin method returns the new or existing value for the disabled-by-administrator flag:
- value = 1Specifies that the user account is disabled by the administrator.
- value = 0Specifies that the user account isnotdisabled by the administrator.Note:The user account can be disabled for other reasons. For more information, see Remarks.
- value = -1Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
- The administrator disabled the user account.
- Account inactivity exceeded the time allowed.For more information, see the method PolicyMgtUser>DisableInactive.
- The number of login failures exceeded the maximum allowed.For more information, see the method PolicyMgtUser>DisableMaxLoginFail.
- The password expired.For more information, see the method PolicyMgtUser>DisablePwdExpired.
DisableInactive Method Sets or Retrieves Disabled-by-Inactivity Flag
The DisableInactive method sets or retrieves the disabled-by-inactivity flag which specifies whether the user account is disabled because account inactivity exceeded the time allowed.
Syntax
The DisableInactive method has the following format:
Netegrity::PolicyMgtUser->DisableInactive([disableFlag])
Parameters
The DisableInactive method accepts the following parameter:
- disableFlag(int)(Optional) Specifies a new value for the disabled-by-inactivity flag.
- value = 1
Specifies that the user account is disabled because of inactivity.- value = 0
Specifies that the user account is not disabled because of inactivity.Note:The user account can be disabled for other reasons. For more information, see Remarks.
Return Value
The DisableInactive method returns the new or existing value for the disabled-by-inactivity flag:
- value = 1Specifies that the user account is disabled because of inactivity.
- value = 0Specifies that the user account isnotdisabled because of inactivity.Note:The user account can be disabled for other reasons. For more information, see Remarks.
- value = -1Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
- The administrator disabled the user account.For more information, see the method PolicyMgtUser>DisableByAdmin.
- Account inactivity exceeded the time allowed.
- The number of login failures exceeded the maximum allowed.For more information, see the method PolicyMgtUser>DisableMaxLoginFail.
- The password expired.For more information, see the method PolicyMgtUser>DisablePwdExpired.
DisableMaxLoginFail Method Sets or Retrieves Disabled-by-Max-Login-Failure Flag
The DisableMaxLoginFail method sets or retrieves the disabled-by-max-login-failure flag which specifies whether the user account is disabled because the number of login failures exceeded the maximum allowed.
Syntax
The DisableMaxLoginFail method has the following format:
Netegrity::PolicyMgtUser->DisableMaxLoginFail([disableFlag])
Parameters
The DisableMaxLoginFail method accepts the following parameter:
- disableFlag(int)(Optional) Specifies a new value for the disabled-by-max-login-failure flag.
- value = 1Specifies that the user account is disabled because the number of login failures exceeded the maximum allowed.
- value = 0Specifies that the user account is not disabled because the number of login failures exceeded the maximum allowed.Note:The user account can be disabled for other reasons. For more information, see Remarks.
Return Value
The DisableMaxLoginFail method returns the new or existing value for the disabled-by-max-login-failure flag:
- value = 1Specifies that the user account is disabled because the number of login failures exceeded the maximum allowed.
- value = 0Specifies that the user account isnotdisabled because the number of login failures exceeded the maximum allowed.Note:The user account can be disabled for other reasons. For more information, see Remarks.
- value = -1Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
- The administrator disabled the user account.For more information, see the method PolicyMgtUser>DisableByAdmin.
- Account inactivity exceeded the time allowed.For more information, see the method PolicyMgtUser>DisableInactive.
- The number of login failures exceeded the maximum allowed.
- The password expired.For more information, see the method PolicyMgtUser>DisablePwdExpired.
DisablePwdExpired Method Sets or Retrieves Disabled-by-Password-Expired Flag
The DisablePwdExpired method sets or retrieves the disabled-by-password-expired flag that specifies whether the user account is disabled because the password expired.
Syntax
The DisablePwdExpired method has the following format:
Netegrity::PolicyMgtUser->DisablePwdExpired([disableFlag])
Parameters
The DisablePwdExpired method accepts the following parameter:
- disableFlag(int)(Optional) Specifies a new value for the disabled-by-password-expired flag.
- value = 1Specifies that the user account is disabled because the password expired.
- value = 0Specifies that the user account is not disabled because the password expired.
- Note:The user account can be disabled for other reasons. For more information, see Remarks.
Return Value
The DisablePwdExpired method returns the new or existing value for the disabled-by-password-expired flag:
- value = 1Specifies that the user account is disabled because the password expired.
- value = 0Specifies that the user account isnotdisabled because the password expired.Note:The user account can be disabled for other reasons. For more information, see Remarks.
- value = -1Specifies that the call is unsuccessful.
Remarks
User accounts can be disabled for one or more of the following reasons:
- The administrator disabled the user account.For more information, see the method PolicyMgtUser>DisableByAdmin.
- Account inactivity exceeded the time allowed.For more information, see the method PolicyMgtUser>DisableInactive.
- The number of login failures exceeded the maximum allowed.For more information, see the method PolicyMgtUser>DisableMaxLoginFail.
- The password expired.
ForcePwdChange Method Sets or Retrieves Force-Password-Change Flag
The ForcePwdChange method sets or retrieves the force-password-change flag that specifies whether to force a password change at the next user login.
Syntax
The ForcePwdChange method has the following format:
Netegrity::PolicyMgtUser->ForcePwdChange([forceFlag])
Parameters
The ForcePwdChange method accepts the following parameter:
- forceFlag(int)(Optional) Specifies whether to force a password change at the next user login.
- value = 1Specifies forcing a password change at the next user login.
- value = 0Specifiesnotforcing a password change at the next user login.
Return Value
The ForcePwdChange method returns the new or existing value for the force-password-change flag.
- value = 1Specifies forcing a password change at the next user login.
- value = 0Specifiesnotforcing a password change at the next user login.
- value = -1Specifies that the call is unsuccessful.
GetClass Method Retrieves User Class
The GetClass method retrieves the user class.
Syntax
The GetClass method has the following format:
Netegrity::PolicyMgtUser->GetClass()
Parameters
The GetClass method accepts no parameters.
Return Value
The GetClass method returns one of the following values:
- user_classExample:"organization"
- undefif the call is unsuccessful
SetPassword Method Sets a New Password
The SetPassword method sets a new password for the user.
Syntax
The SetPassword method has the following format:
Netegrity::PolicyMgtUser->SetPassword(newPwd[, oldPwd])
Parameters
The SetPassword method accepts the following parameters:
- newPwd(string)Specifies the new password.
- oldPwd(string)(Optional) Specifies the old password to change.Note:If provided, this value must match the existing password in the user directory.
Return Value
The SetPassword method returns one of the following values:
- value = 0Specifies that the password change is successful.
- value = -1Specifies that the password change is unsuccessful.
UserPasswordState Method Sets or Retrieves Password State Object
The UserPasswordState method sets or retrieves the password state object for the current user. Setting a new password state object updates the object's attributes with any changes that have been made. This method also clears the password history if specified by the empty-history flag.
Syntax
The UserPasswordState method has the following format:
Netegrity::PolicyMgtUser->UserPasswordState([pPwState][, emptyHistoryFlag])
Parameters
The UserPasswordState method accepts the following parameters:
- pPwState(PolicyMgtUserPasswordState)(Optional) Specifies the new password state object to set.
- emptyHistoryFlag(int)(Optional) Specifies whether to clear the password history.
- value = 0 (default)Specifiesnotclearing the password history.
- value = 1Specifies clearing the password history.Note:Clearing the password history sets the last-password-change-time attribute to 0. For more information, see the method PolicyMgtUserPasswordState>LastPWChangeTime.
Return Value
The UserPasswordState method returns one of the following values:
- PolicyMgtUserPasswordState (object)
- undefif the call is unsuccessful
ValidatePassword Method Validates Password
The ValidatePassword method determines whether the user's password conforms to the password policy. Call ValidatePassword before calling the method SetPassword.
Syntax
The ValidatePassword method has the following format:
Netegrity::PolicyMgtUser->ValidatePassword(password)
Parameters
The ValidatePassword method accepts the following parameters:
- password(string)Specifies the password to validate.
Return Value
The ValidatePassword method returns one of the following values:
- value = 0Specifies that the password is valid.
- value = -1Specifies that the password isnotvalid.