duttonw / pwm

Automatically exported from code.google.com/p/pwm

forgotten service unlock locked account with set to false on AD #312

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Set challenge.allowUnlock=false
2. Lock account (with login password procedure using wrong password)
3. Go to forgotten service
4. Insert correct challenge response
5. Insert new password
6. In AD the account is now unlocked

What is the expected output? What do you see instead?
The user remains locked

What version of PWM are you using?
1.6.1

What ldap directory and version are you using?
AD

Please paste any error log messages below:
Log of setting password policy and challenge response:

 challenge.randomChallenges={"":["What is the name of the main character in your favorite book?::4::200","What is your favorite hobby?::4::200","What is your favorite team?::4::200","What city / town were you born in?::4::200","What is your favorite vehicle?::4::200","If you could meet someone from history, who would it be?::4::200","What is your least favorite film of all time?::4::200","What food do you dislike the most?::4::200","What is the name of your favorite pet?::4::200","What was the name of your childhood best friend?::4::200","What is the name of your favorite sportsman?::4::200","Who is your favorite author?::4::200","What is your favorite food?::4::200","What is your partner\u0027s nickname?::4::200"],"it":["Quale e\u0027 il nome del personaggio principale del tuo libro preferito?::4::200","Quale e\u0027 il tuo hobby preferito?::4::200","Quale e\u0027 il nome del tuo animale domestico preferito?::4::200","Quale era il nome del tuo migliore amico d\u0027infanzia?::4::200","Quale è il nome del tuo sportivo preferito?::4::200","Quale cibo ti piace di meno?::4::200","Chi e\u0027 il tuo autore preferito?::4::200","Quale e\u0027 il tuo cibo preferito?::4::200","Quale e\u0027 il tuo film preferito di tutti i tempi?::4::200","Quale e\u0027 il soprannome del tuo partner?::4::200","Se potessi incontrare un personaggio storico, chi sarebbe?::4::200","Quale e\u0027 la tua squadra preferita?::4::200","In quale citta\u0027 / paese sei nato?::4::200","Quale e\u0027 il tuo veicolo preferito?::4::200"]}
  challenge.requiredChallenges={"":["What is your birth\u0027s year? (YYYY)::4::4","Write a number at leisure (minimum of 4 digits)::4::200"],"it":["Quale e\u0027 il tuo anno di nascita? (YYYY)::4::4","Scrivi un numero a piacimento (minimo 4 cifre)::4::200"]}
  challenge.minRandomsSetup=2
  challenge.allowUnlock=false
  challenge.requiredAttributes={"":[""]}
  helpdesk.enable=false
  helpdesk.enforcePasswordPolicy=false
  helpdesk.enableUnlock=false
  network.reverseDNS.enable=false

Log where account is unlocked:

2012-12-14 14:35:15, TRACE, servlet.ForgottenPasswordServlet, {4r} unlock account succeeded [10.192.201.9/]

Original issue reported on code.google.com by mprat...@gmail.com on 14 Dec 2012 at 1:59
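
A log check for the behaviour reported above, as an added example that is not part of the original report or of PWM's code: it reads a settings dump and flags "unlock account succeeded" records from ForgottenPasswordServlet written while challenge.allowUnlock=false. The function names and the first sample log record are constructed for illustration, and the log layout is assumed from the single line quoted in the report.

```python
import re

# Layout assumed from the one log line quoted in the report:
# "timestamp, LEVEL, component, {session} message [source-ip/]"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+), "
    r"(?P<component>[\w.]+), \{(?P<session>[^}]*)\} (?P<msg>.*?) "
    r"\[(?P<src>[^\]/]*)/[^\]]*\]$"
)
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2} ")

# Constructed sample input: settings in the dump format shown in the report,
# one constructed log record, then the reported record in its wrapped form.
SAMPLE_SETTINGS = " challenge.minRandomsSetup=2\n challenge.allowUnlock=false\n"
SAMPLE_LOG = """\
2012-12-14 14:35:14, INFO, servlet.ForgottenPasswordServlet, {4r} sample record [10.192.201.9/]
2012-12-14 14:35:15, TRACE, servlet.ForgottenPasswordServlet, {4r} unlock
account succeeded [10.192.201.9/]"""

def parse_settings(text):
    """Parse 'key=value' lines of a settings dump (values kept as strings)."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            settings[key] = value
    return settings

def unwrap(lines):
    """Rejoin hard-wrapped records: a line with no leading timestamp
    continues the previous record."""
    records = []
    for line in lines:
        if not line.strip():
            continue
        if TS_RE.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records

def find_policy_violations(settings, log_text):
    """Return (timestamp, session, source) for each unlock performed by the
    forgotten-password servlet while challenge.allowUnlock is false."""
    if settings.get("challenge.allowUnlock", "").lower() != "false":
        return []
    hits = []
    for record in unwrap(log_text.splitlines()):
        m = LOG_RE.match(record)
        if (m and m["component"].endswith("ForgottenPasswordServlet")
                and "unlock account succeeded" in m["msg"]):
            hits.append((m["ts"], m["session"], m["src"]))
    return hits
```
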

GoogleCodeExporter commented 9 years ago
I understand that the change password process in the forgotten procedure unlocks the user. My customer's security policy says that the user remains locked. How can I disable the unlock feature in the code?

Thanks
Maurizio

Original comment by mprat...@gmail.com on 14 Dec 2012 at 5:09