This is a question :
Many organisations do not delete old/inactive users in AD ( Active Directory)
They simply make them as DISABLED.
When LDAP is integrated in OBIEE, it brings in both Enabled (Active) and Disabled users.
We would like exclude those disabled users at the LDAP integration level.
We found out in another website that there seems to be one attribute/value
that filters Disabled users out. [(!userAccountControl:1.2.840.1135184.108.40.2063:=2)]
I would like to know your inputs on the same.
Just in case the said attribute/value is correct and if should try it out then my question is where exactly I should write it.
I have the documentation on LDAP integration with OBIEE including snapshots. Now here are several config attributes such as -
Where exactly should I put that value ? Any idea ?
User Base DN
All Users Filter
User From Name Filter
User Name Attribute
Object User Class
Group Base DN
All Groups Filter
Group From Name Filter
(Note- Please ignore if there are any typos in my writing)
Perhaps an LDAP strategy of moving disabled accounts to a disabled group out of the active group(s) [in addition to marking them disabled] ... then you are pulling only from the active set.