This article talks about adding UserAccountControl attribute of AD/LDAP to CPPM.
Environment : This article best suits CPPM 6.2.
If CPPM is using AD/LDAP as an authentication source, It will authenticate any user which is present in the AD/LDAP even if the account is disabled if the AD/LDAP if the UserAccountControl attribute is not added.
Below are the steps to add this attribute.
Login to CPPM and navigate to "Configuration » Authentication » Sources"
Click on the AD or LDAP server which we are using as an authentication source.
Click on the Attributes tab.
We have to add UserAccountControl under Authentication.
Click on Authentication.
Click on "Click to add" and add the attribute as shown below.
Save the configuration.
We must be able to see userAccountControl added as an Authentication attribute.
Verify that AD is returning this attribute. Click on Authentication - > Browse.
On this Ldap Browser query for any user on AD and check if AD is returning the userAccountControlattribute.
This verifies that CPPM is getting userAccountControl attribute.
When value of userAccountControl is 66050 then its disabled else the account is enabled.
We can use this attribute in our service.
Create a new Role Mapping Policy as shown below and we can map this our Dot 1 X service.
We can also add new attributes based on our requirements. For more details on the Attributes list we can visit