skip to main content
Infrastructure Division of Information Technology

Directory Services Attribute

Account Status (tamuStatus)

Attribute details

LDAP tamuStatus attribute properties, usage and population rules
Definition: Account status flags.
Attribute Name: 'tamuStatus'
OID: 1.3.6.1.4.1.4391.0.420
URN: urn:oid:1.3.6.1.4.1.4391.0.420
Multiple Values: Multi-valued
Format: Directory String {256}
Search Syntax: EQUALITY caseIgnoreMatch
Controlled Vocabulary: Enterprise Directory People Branch:
Password status flags:
passwordExpired account password is within one week of maximum allowed age
passwordAdminSet account password was administratively changed to a randomly generated string when previous password reached maximum allowed age
ssprLocked account holder unable to use Self-Service Password Reset application to reset password

Other account status flags:
externalAuthExpired account holder required to set up NetID and password
securityExpired account password has been expired early for security reasons
securityLocked account locked for security reasons, all password reset services disabled for the account
networkLocked account blocked from using wireless or VPN for security reasons
employmentActionLocked informational flag indicating account was locked due to an employment action
lifecycleLocked account locked by automated lifecycle processes (account holder no longer eligible for account)
assignedDOB students are not required to provide a date of birth to an institution to enroll in classes/obtain a degree. Students present in the EIS feed without a date of birth are assigned a random birthdate.
Enterprise Directory Affiliates Branch:
vettedFormerStudent a former student who has been vetted by EIS and is allowed to activate their account
Enterprise Directory Sponsored Affiliates Branch:
passwordAdminSet account password was administratively changed to a randomly generated string when previous password reached maximum allowed age
Source: Enterprise Directory People Branch:
Password management system inserts/deletes password status flags (passwordExpired and passwordAdminSet).
If account password was expired for security reasons, account management system adds ⇒ securityExpired and passwordExpired.
If account was manually locked (rendered unusable by the account holder) at request of HR, account management system adds ⇒ securityLocked, employmentActionLocked and passwordAdminSet
If account was manually blocked from using wireless or vpn for security reasons, account management system adds ⇒ networkLocked
If account was manually locked for security reasons, account management system adds ⇒ securityLocked, ssprLocked and passwordAdminSet
If account was locked by automated lifecycle processes ⇒ lifecycleLocked and passwordAdminSet
If account holder is required to set up a NetID and password when they have been using an external account for authentication ⇒ externalAuthExpired
Enterprise Directory Affiliates Branch:
EIS inserts/deletes vettedFormerStudent flag via a web service.
Enterprise Directory Sponsored Affiliates Branch:
Password management system inserts/deletes password status flags.

Directory-specific details

LDAP tamuStatus attribute properties that are dependent on directory branch or object class configuration
  Enterprise Directory
People Branch
Enterprise Directory
Affiliates Branch
Enterprise Directory
Sponsored Affiliates Branch
Directory URL: ldap.tamu.edu ldap.tamu.edu ldap.tamu.edu
Object Class: tamuPerson
tamuEduAuthN
tamuPerson
tamuEduAuthN
tamuPerson
tamuEduAuthN
Required: no no no
Indexing: Presence (pres): Improves searches for entries that contain the indexed attribute.
Equality (eq): Improves searches for entries that contain an attribute that is set to a specific value.
Presence (pres): Improves searches for entries that contain the indexed attribute.
Equality (eq): Improves searches for entries that contain an attribute that is set to a specific value.
Presence (pres): Improves searches for entries that contain the indexed attribute.
Equality (eq): Improves searches for entries that contain an attribute that is set to a specific value.
Access: Access to Enterprise Directory restricted. Access to Enterprise Directory restricted. Access to Enterprise Directory restricted.
Usage: account management
CAS redirects users to the Password Change application when the passwordExpired flag is present.
account activation account activation
Example(s): passwordExpired vettedFormerStudent