Closed nikzen closed 2 months ago
Here's a more comprehensive list @nikzen found: https://jackstromberg.com/2013/01/useraccountcontrol-attributeflag-values/
It gets a bit more complex, too, as the field can also contain these search/filter extensions: https://serverfault.com/questions/166840/how-would-i-build-an-ldap-query-for-ad-that-returns-all-users-in-a-particular-se
Shouldn't appear in the actual search output, though, so that is primarily for info.
We should probably only define disable values - otherwise users must enumerate every single possible not-disabled state.
We should quickly talk to someone with more LDAP experience to confirm this is a reasonable approach.
We should probably only define disable values - otherwise users must enumerate every single possible not-disabled state.
We should quickly talk to someone with more LDAP experience to confirm this is a reasonable approach.
Good idea, lets do it like this
If anyone else starts working on this, consider basing the work off #17, it makes changes to the configuration which would cause issues for this work, and is going to merge very soon.
Description
Right now, we only allow one value for enable or disable status. However in real life, it might happen that we need to figure out if we should create or delete an account based on multiple parameters.
Here is a link of how the userAccountcontrol might look like: https://www.der-windows-papst.de/2016/12/18/active-directory-useraccountcontrol-values/
Solution
We allow to add multiple values. This means a customer can configure:
In general it will give us more flexibility.