Overview#

The account is disabled typically by setting a value on the entry.

When we refer to Administratively Disabled, this typically implies explicit permanently disabled entries. An Administratively Disabled entry can typically only be enabled by changing the Administratively Disabled attribute value.

This is NOT Locked By Intruder or any other form of lock out that might be activated by activities performed by the entry.

EDirectory loginDisabled#

EDirectory uses loginDisabled to indicate Administratively Disabled

Oracle orclisenabled#

How Oracle's OID uses orclisenabled to indicate Administratively Disabled

Active Directory Locked Accounts#

Microsoft Active Directory uses the ACCOUNTDISABLE bit of the User-Account-Control Attribute to indicate Administratively Disabled

draft-behera-ldap-password-policy#

LDAP Server Implementations that use draft-behera-ldap-password-policy use the pwdAccountLockedTime to indicate Administratively Disabled

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-9) was last changed on 17-Dec-2015 11:30 by jim