When a user directory is configured for IdentityMinder, there is an attribute "Disable Flag(RW)", which may hold different values.
0 - means enabled
1 - means disabled
2 - means user locked due to too many login attempts with wrong password
16777216 - means user enabled but must change password
16777218 - means user locked due to too many login attempts with wrong password and must change password
Are they correct? Any more possible values?
The above values are correct. Did you install the Siteminder Dev. Kit when installing Siteminder ?
The comprehensive list of these values are listed in the SmApi.h (SiteMinder/SDK/include).
In any case, here they are :
State = Hex = Decimal
Sm_Api_Disabled_AdminDisabled = 0x00000001 = 1
Sm_Api_Disabled_MaxLoginFail = 0x00000002 = 2
Sm_Api_Disabled_Inactivity = 0x00000004 = 4
Sm_Api_Disabled_PWExpired = 0x00000008 = 8
Sm_Api_Disabled_PWMustChange = 0x01000000 = 16777216
Sm_Api_Disabled_AdminDisabled | Sm_Api_Disabled_PWMustChange = 0x01000001 = 16777217
Sm_Api_Disabled_MaxLoginFail | Sm_Api_Disabled_PWMustChange = 0x01000002 = 16777218
Sm_Api_Disabled_Inactivity | Sm_Api_Disabled_PWMustChange = 0x01000004 = 16777220
Sm_Api_Disabled_PWExpired | Sm_Api_Disabled_PWMustChange = 0x01000008 = 16777224