[Ltb-users] LTB and password policy requiring users to change their passwords after a reset

Gonzalez, Aliep aliep.gonzalez at rbc.com
Tue Jun 3 17:13:16 CEST 2014


Apologies if I am asking a dumb question or if this is something that has already been answered before.

I am trying to deploy LTB 0.8 to change users' passwords against Oracle Directory Server 11g. My password policy requires that users must change their passwords after a reset. As a result of that, if I try to change a user password by sending a password reset link, the password operation succeeds, but since the user's "passwordExpirationTime" field is set to "19700101000000Z", I am forced to set a new password again to be able to bind to the directory.

Here is what I get when the password has been reset using the reset link:

[02/Jun/2014:14:50:10 -0400] conn=127217 op=-1 msgId=-1 - fd=41 slot=41 LDAP connection from 127.0.0.1:34025 to 127.0.0.1
[02/Jun/2014:14:50:10 -0400] conn=127217 op=0 msgId=1 - BIND dn="uid=qsfshmx,ou=people,dc=fg,dc=rbccm,dc=com" method=128 version=3
[02/Jun/2014:14:50:10 -0400] conn=127217 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=qsfshmx,ou=people,dc=fg,dc=rbccm,dc=com"
[02/Jun/2014:14:50:10 -0400] conn=127217 op=1 msgId=2 - SRCH base="ou=people,dc=fg,dc=rbccm,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[02/Jun/2014:14:50:10 -0400] conn=127217 op=1 msgId=2 - RESULT err=53 tag=101 nentries=0 etime=0, Password was reset and must be changed.
[02/Jun/2014:14:50:10 -0400] conn=127217 op=2 msgId=3 - UNBIND
[02/Jun/2014:14:50:10 -0400] conn=127217 op=2 msgId=-1 - closing from 127.0.0.1:34025 - U1 - Connection closed by unbind client -
[02/Jun/2014:14:50:10 -0400] conn=127217 op=-1 msgId=-1 - closed.

Here is the way my password policy looks:

dn: cn=Password Policy,cn=config
objectClass: top
objectClass: ldapsubentry
objectClass: pwdPolicy
objectClass: sunPwdPolicy
objectClass: passwordPolicy
cn: Password Policy
pwdAttribute: userPassword
passwordStorageScheme: SSHA
passwordChange: on
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
passwordRootdnMayBypassModsChecks: off
passwordNonRootMayResetUserpwd: on
passwordInHistory: 13
pwdInHistory: 13
passwordMinAge: 604800
pwdMinAge: 604800
passwordCheckSyntax: on
pwdCheckQuality: 2
passwordMinLength: 6
pwdMinLength: 6
passwordMustChange: on
pwdMustChange: TRUE
passwordExp: on
passwordMaxAge: 8640000
pwdMaxAge: 8640000
passwordWarning: 1209600
pwdExpireWarning: 1209600
passwordExpireWithoutWarning: off
pwdGraceAuthNLimit: 0
pwdKeepLastAuthTime: FALSE
passwordLockout: on
pwdLockout: TRUE
passwordMaxFailure: 5
pwdMaxFailure: 5
passwordResetFailureCount: 60
pwdFailureCountInterval: 60
pwdIsLockoutPrioritized: TRUE
passwordUnlock: on
passwordLockoutDuration: 60
pwdLockoutDuration: 60

Is there any way to make LTB work with my password policy?

Thanks in advance for your help.

Aliep
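
An added example, not part of the original post: a small Python parser for the access-log format shown above. It lists accounts that bound successfully but then had an operation refused with err=53 "must be changed", which is the reset state the message describes. The function name and the second sample session (conn=127300) are constructed for illustration.

```python
import re

# conn=127217 lines are copied from the post; conn=127300 is constructed
# here as a contrasting session that is not in the reset state.
SAMPLE_LOG = """\
[02/Jun/2014:14:50:10 -0400] conn=127217 op=0 msgId=1 - BIND dn="uid=qsfshmx,ou=people,dc=fg,dc=rbccm,dc=com" method=128 version=3
[02/Jun/2014:14:50:10 -0400] conn=127217 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=qsfshmx,ou=people,dc=fg,dc=rbccm,dc=com"
[02/Jun/2014:14:50:10 -0400] conn=127217 op=1 msgId=2 - SRCH base="ou=people,dc=fg,dc=rbccm,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[02/Jun/2014:14:50:10 -0400] conn=127217 op=1 msgId=2 - RESULT err=53 tag=101 nentries=0 etime=0, Password was reset and must be changed.
[02/Jun/2014:14:51:02 -0400] conn=127300 op=0 msgId=1 - BIND dn="uid=example,ou=people,dc=example,dc=com" method=128 version=3
[02/Jun/2014:14:51:02 -0400] conn=127300 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=example,ou=people,dc=example,dc=com"
[02/Jun/2014:14:51:02 -0400] conn=127300 op=1 msgId=2 - SRCH base="ou=people,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[02/Jun/2014:14:51:02 -0400] conn=127300 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
"""

LINE = re.compile(r'^\[([^\]]+)\] conn=(\d+) op=(-?\d+) msgId=-?\d+ - (.*)$')
BIND = re.compile(r'BIND dn="([^"]*)"')
RESULT = re.compile(r'RESULT err=(\d+) tag=(\d+)')
BIND_RESPONSE = 97   # LDAP BindResponse tag as logged by the server
UNWILLING = 53       # LDAP result code unwillingToPerform


def find_must_change(log_text):
    """Return (timestamp, conn, dn, refused_op) for every operation refused
    with err=53 'must be changed' after a successful bind on that connection."""
    pending, bound, op_kind, hits = {}, {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, conn, op, rest = m.groups()
        bind, result = BIND.match(rest), RESULT.match(rest)
        if bind:
            pending[conn] = bind.group(1)          # wait for the bind result
        elif result:
            err, tag = int(result.group(1)), int(result.group(2))
            if tag == BIND_RESPONSE:
                dn = pending.pop(conn, None)
                if err == 0 and dn:
                    bound[conn] = dn               # authenticated identity
                else:
                    bound.pop(conn, None)          # failed or anonymous bind
            elif err == UNWILLING and "must be changed" in rest and conn in bound:
                hits.append((ts, conn, bound[conn], op_kind.get((conn, op), "?")))
        else:
            op_kind[(conn, op)] = rest.split(" ", 1)[0]   # e.g. SRCH
    return hits
```

Calling `find_must_change(SAMPLE_LOG)` reports only the session from the post; the constructed session, whose search returns err=0, is not flagged.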
