User account specific settings
The user account in the external directory has the following new settings:
| Setting | Description |
|---|---|
| ubiloginAccountControl: cant-change-credentials | If multi valued attribute "ubiloginAccountControl" is added with value "cant-change-credentials", the user can not change his/her password from UAS. |
| ubiloginAccountControl: dont-expire-credentials | If multi valued attribute "ubiloginAccountControl" is added with value "dont-expire-credentials", the user's password will not expire and setting "policy.password.max-age" is ignored. |
| ubiloginPasswordLastSet: 0 | If attribute "ubiloginPasswordLastSet" is set to value "0", then the user has to change password at next login. |
| ubiloginNotBefore: | The time before which the user account is disabled and can not be used. Timestamp is given in milliseconds after Epoch. |
| ubiloginNotOnOrAfter: | The time after which the user account is disabled and can not be used. Timestamp is given in milliseconds after Epoch. |
| ubiloginEnabled: | The account can be disabled by setting this attribute value to "FALSE". Default value is "TRUE". |
| ubiloginBadLogonCount: | The systems keeps count of bad logons in this attribute. If this count exceeds the value in setting policy.lockout.threshold, the user account is locked. The administrator may cancel this locking by setting this attribute value to 0. |
Updating the External Directory Schema
The external directory needs a schema update that will install a new auxiliary class "ubiloginAccount" to directory. The user objects used with external directory password policies have to include this class.
...