Account locking and validity attributes
The next table shows attributes related to account validity and -locking. They are relevant for the LDAP Connector plugin.
Attribute name (examples) | Usage | Type | LDAP Connector plugin | LDAP Token List Persister plugin | LDAP Password Self-Service Token Persister plugin |
|---|---|---|---|---|---|
| Flag telling whether the user is locked. Locked users cannot log in. | Boolean | O | ||
| Date and time when the user was locked the last time. May be empty. | Timestamp | O | ||
| Reason why the user is locked. May be empty. | String | O | ||
| Flag telling whether the user account is valid. Invalid accounts cannot be used for authentication. Defaults to true. | Boolean | O | ||
| Date and time before which the user account is considered to be invalid. Invalid accounts cannot be used for authentication. Defaults to true. | Timestamp | O | ||
| Date and time after which the user account is considered to be invalid. Invalid accounts cannot be used for authentication. Defaults to true. | Timestamp | O | ||
| Counts the number of failed login attempts since the latest successful login. | Integer | O | ||
| Counts the number of failed attempts on authentication tokens | String | R | ||
| Counts the number of failed login attempts reached before the latest successful login. | Integer | O | ||
| Counts the number of failed step-up attempts. | Integer | O |
- R = Required by plugin
- O = Optional, may be used by plugin