Symantec Access Management


How to configure SiteMinder to use a custom AD attribute for a user's disabled state?


    Posted Aug 23, 2023 12:59 AM

    I have an AD where users are not going to set their password, as this AD will only be used on the service provider side for user lookup, so the pwdLastSet attribute is not set.

    For the user's Active or Disabled state, there is a custom attribute in AD called userStatus.

    I have enabled Enhanced Active Directory Integration and also set IgnoreADpwdLastSet under

    • SiteMinder\CurrentVersion\Ds\LDAPProvider

    and in the user directory definition for this AD, I have added userStatus in the Disabled Flag.

    Root of LDAP Search is: DC=corp,DC=abc,DC=com. (Note: If I change the LDAP search to DC=abc,DC=com, then the service account is not able to connect to AD.)

    The issue I am having with this setting is that SiteMinder finds the user in the AD but in a disabled state.

    How can I configure SiteMinder to check the disabled status in the userStatus attribute?

    Policy Server is R12.8 Sp6 on RHEL7