erAccountItem

erAccountItem

The erAccountItem class is an auxiliary class that defines required attributes for a user account. The parent class is top.

Attribute name Description Enter

erUid Account login ID. directory string

Owner DN of the account owner. distinguished name

erAccountStatus Account status. integer

erAccountCategory Account category. directory string

erAccountCompliance Compliancy of the account. Possible values are:
Uncheck account (0)

Compliant account (1).
Unauthorized account (2.
Constraints violated account (3.
integer

erPassword Account login password. binary

erPswdLastChanged Date and time that the password was last changed. generalized time

erHistoricalPassword Previous account login password. binary

erService DN of the account service. distinguished name

erLastAccessDate Last login date. generalized time

erPasswordLastChangedBy⁴ The DN of the person which last changed the password. distinguished name

erCreateDate Timestamp of when the object is created. The timestamp is in Greenwich Mean Time (GMT) format. directory string

erLastAction The last action performed on the entity. directory string

erLastStatusChangeDate Timestamp of when the status is updated. The timestamp is in GMT format. directory string

erLastOperation Available for custom use for lifecycle event. directory string

erLastCertifiedDate¹ Timestamp of when the object was last certified. directory string

erLastRecertificationAction² The last recertification action applied to the account. Valid values are:
Certified (CERTIFIED.
Administrator override certified (CERTIFIED_ADMIN.
Rejected and marked (REJECTED_MARK.
Rejected and suspended (REJECTED_SUSPEND.
directory string

erLastRecertificationActionDate³ Timestamp of the last recertification action applied to the account. directory string

erAccessLastCertifiedDate² Timestamp of when the access was last certified. A multivalued attribute that contains “;;” delimited strings. The first part of each string is the DN of the group definition associated with the access. The second part is the timestamp of when the access was last certified. directory string

erAccessRecertificationLastAction² The last recertification action applied to a group or access. A multivalued attribute that contains “;;” delimited strings. The first part of each string is the DN of the group definition. The second part is the last action taken on the group or access. Valid values are:
Certified (CERTIFIED.
Administrator override certified (CERTIFIED_ADMIN.
Rejected and marked (REJECTED_MARK.
directory string

erAccessRecertificationLastActionDate³ Timestamp of the last recertification action applied to a group or access. A multivalued attribute that contains “;;” delimited strings. The first part of each string is the DN of the group definition. The second part is the timestamp of the last action. directory string

erObjectType² The value represents the type of the account. Predefined values are:
0 – user accoun.
1 – system accoun.
integer

erObjectProfileName Name of the ownership type. directory string

erAccountOwnershipType⁴ The account ownership type. If the value is not specified, it is interpreted as Individual account. directory string

erURI⁴ The universal resource identifier. directory string

erCVCatalog⁴ The DN of the credential if the account is added to the credential vault. distinguished name

¹ Indicates the attribute is added in release 4.6 Express .
² Indicates the class is added in release 5.0.
³ Indicates the class is added in release 5.1.
⁴ Indicates the attribute is added in ISIM 6.0.
Parent topic: Service classes

Attribute name	Description	Enter
erUid	Account login ID.	directory string
Owner	DN of the account owner.	distinguished name
erAccountStatus	Account status.	integer
erAccountCategory	Account category.	directory string
erAccountCompliance	Compliancy of the account. Possible values are: Uncheck account (0) Compliant account (1). Unauthorized account (2. Constraints violated account (3.	integer
erPassword	Account login password.	binary
erPswdLastChanged	Date and time that the password was last changed.	generalized time
erHistoricalPassword	Previous account login password.	binary
erService	DN of the account service.	distinguished name
erLastAccessDate	Last login date.	generalized time
erPasswordLastChangedBy⁴	The DN of the person which last changed the password.	distinguished name
erCreateDate	Timestamp of when the object is created. The timestamp is in Greenwich Mean Time (GMT) format.	directory string
erLastAction	The last action performed on the entity.	directory string
erLastStatusChangeDate	Timestamp of when the status is updated. The timestamp is in GMT format.	directory string
erLastOperation	Available for custom use for lifecycle event.	directory string
erLastCertifiedDate¹	Timestamp of when the object was last certified.	directory string
erLastRecertificationAction²	The last recertification action applied to the account. Valid values are: Certified (CERTIFIED. Administrator override certified (CERTIFIED_ADMIN. Rejected and marked (REJECTED_MARK. Rejected and suspended (REJECTED_SUSPEND.	directory string
erLastRecertificationActionDate³	Timestamp of the last recertification action applied to the account.	directory string
erAccessLastCertifiedDate²	Timestamp of when the access was last certified. A multivalued attribute that contains “;;” delimited strings. The first part of each string is the DN of the group definition associated with the access. The second part is the timestamp of when the access was last certified.	directory string
erAccessRecertificationLastAction²	The last recertification action applied to a group or access. A multivalued attribute that contains “;;” delimited strings. The first part of each string is the DN of the group definition. The second part is the last action taken on the group or access. Valid values are: Certified (CERTIFIED. Administrator override certified (CERTIFIED_ADMIN. Rejected and marked (REJECTED_MARK.	directory string
erAccessRecertificationLastActionDate³	Timestamp of the last recertification action applied to a group or access. A multivalued attribute that contains “;;” delimited strings. The first part of each string is the DN of the group definition. The second part is the timestamp of the last action.	directory string
erObjectType²	The value represents the type of the account. Predefined values are: 0 – user accoun. 1 – system accoun.	integer
erObjectProfileName	Name of the ownership type.	directory string
erAccountOwnershipType⁴	The account ownership type. If the value is not specified, it is interpreted as Individual account.	directory string
erURI⁴	The universal resource identifier.	directory string
erCVCatalog⁴	The DN of the credential if the account is added to the credential vault.	distinguished name