skip to main content

Directory Services Attribute

Account Status (tamuStatus)

Attribute details

LDAP tamuStatus attribute properties, usage and population rules
Definition: Account status flags.
Attribute Name: 'tamuStatus'
OID: 1.3.6.1.4.1.4391.0.420
URN: urn:oid:1.3.6.1.4.1.4391.0.420
Multiple Values: Multi-valued
Format: Directory String {256}
Search Syntax: EQUALITY caseIgnoreMatch
Controlled Vocabulary: Enterprise Directory People Branch:
Password status flags:
passwordExpired account password is within one week of maximum allowed age
passwordAdminSet account password was administratively changed to a randomly generated string when previous password reached maximum allowed age
ssprLocked account owner unable to use Self-Service Password Reset application to reset password
securityLocked account owner unable to use any of the password reset services to reset password

Other account status flags:
securityExpired account password has been expired early for security reasons
employmentActionLocked informational flag indicating account was locked due to an employment action
assignedDOB students are not required to provide a date of birth to an institution to enroll in classes/obtain a degree. Students present in the EIS feed without a date of birth are assigned a random birthdate.
Enterprise Directory Affiliates Branch:
vettedFormerStudent a former student who has been vetted by EIS and is allowed to activate their account
Enterprise Directory Sponsored Affiliates Branch:
passwordAdminSet account password was administratively changed to a randomly generated string when previous password reached maximum allowed age
Source: Enterprise Directory People Branch:
Password management system inserts/deletes password status flags.
If account password was expired for security reasons, account management system adds ⇒ securityExpired and passwordExpired.
If account was locked (rendered unusable by the account owner) at request of HR, account management system adds ⇒ securityLocked, employmentActionLocked and passwordAdminSet
If account was locked to prevent password reset, account management system adds ⇒ securityLocked and ssprLocked

Enterprise Directory Affiliates Branch:
EIS inserts/deletes vettedFormerStudent flag via a web service.
Enterprise Directory Sponsored Affiliates Branch:
Password management system inserts/deletes password status flags.

Directory-specific details

LDAP tamuStatus attribute properties that are dependent on directory branch or object class configuration
  Enterprise Directory
People Branch
Enterprise Directory
Affiliates Branch
Enterprise Directory
Sponsored Affiliates Branch
Directory URL: ldap.tamu.edu ldap.tamu.edu ldap.tamu.edu
Object Class: tamuPerson
tamuEduAuthN
tamuPerson
tamuEduAuthN
tamuPerson
tamuEduAuthN
Required: no no no
Indexing: Presence (pres): Improves searches for entries that contain the indexed attribute.
Equality (eq): Improves searches for entries that contain an attribute that is set to a specific value.
Presence (pres): Improves searches for entries that contain the indexed attribute.
Equality (eq): Improves searches for entries that contain an attribute that is set to a specific value.
Presence (pres): Improves searches for entries that contain the indexed attribute.
Equality (eq): Improves searches for entries that contain an attribute that is set to a specific value.
Access: Access to Enterprise Directory restricted. Access to Enterprise Directory restricted. Access to Enterprise Directory restricted.
Usage: account management
CAS redirects users to the Password Change application when the passwordExpired flag is present.
account activation account activation
Example(s): passwordExpired vettedFormerStudent