Sm_Api_DisabledReason_t

Enumerates the reasons that a user account can be disabled.
casso126
Enumerates the reasons that a user account can be disabled.
The following APIs use Sm_Api_DisabledReason_t:
  • Policy Management API
  • Directory API
A user account can be disabled for multiple reasons. For example, if the User must change password at next login checkbox is checked and the administrator clicks Disable, an
nDisabledReason
parameter holds both the Sm_Api_Disabled_PWMustChange bit and the Sm_Api_Disabled_AdminDisabled bit.
For examples of using Sm_Api_DisabledReason_t, see the examples under Sm_PolicyApi_SetDisabledUserState().
The following table shows the bits that can be set for disabled reason. A brief explanation of each reason, organized by reason type, follows the table.
Disabled Reason
Type
Value
Sm_Api_Disabled_DisabledMask
Mask
0x00ffffff
Sm_Api_Disabled_Enabled
Mask
0
Sm_Api_Disabled_AdminDisabled
Bits
0x00000001
Sm_Api_Disabled_MaxLoginFail
Bits
0x00000002
Sm_Api_Disabled_Inactivity
Bits
0x00000004
Sm_Api_Disabled_PWExpired
Bits
0x00000008
Sm_Api_Disabled_DirNativeDisabled
Bits
0x00000010
Sm_Api_Disabled_PWMustChange
Qualifier
0x01000000
Disabled Mask
  • Sm_Api_Disabled_DisabledMask
    The disable bits mask is used to distinguish between two cases:
    • When disabled bits are set, the resulting hexadecimal value begins 0x00.
    • When users are forced to change their passwords, the resulting hexadecimal value begins 0x01.
  • Sm_Api_Disabled_Enabled
    When a user account is enabled, the value is 0, as opposed to the other cases that have non-zero values.
Disabled Bits
A user account can be disabled for one or more of the following reasons:
  • Sm_Api_Disabled_AdminDisabled
    Disabled by administrator.
  • Sm_Api_Disabled_MaxLoginFail
    Disabled for maximum login failures.
  • Sm_Api_Disabled_Inactivity
    Disabled for inactivity over a period of time.
  • Sm_Api_Disabled_PWExpired
    Disabled for password expiration.
  • Sm_Api_Disabled_DirNativeDisabled
    Disabled by the user repository and cannot be enabled in
    CA Single Sign-On
    . For example,
    CA Single Sign-On
    returns this disabled reason if an Active Directory user object expires because its accountExpires time elapsed.
Qualifier
  • Sm_Api_Disabled_PWMustChange
    Forces a user to change his or her password during the next login. When users are forced to change their passwords, the resulting hexadecimal value begins 0x01, as opposed to 0x00.