gandres / pwm

Automatically exported from code.google.com/p/pwm

Cannot activate accounts in 389/RHDS #458

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Try to activate an account

What is the expected output?  What do you see instead?
Should proceed with the activation workflow - set password, set 
challenge/response questions, perform post-activation actions.

Instead, it fails with the following error and no option to continue.
"An error occurred while activating your account. Please contact your 
administrator. { 5048 ERROR_ACTIVATION_FAILURE (error unlocking user 
uid=xxxxx,ou=users,dc=xxxxx,dc=com: [LDAP: error code 16 - No Such Attribute]) 
}"

The cause appears to be related to the change made in revision 531 for issue 
296.  pwdAccountLockedTime does not exist in RHDS, and PWM treats that result 
as a hard failure.  I would actually consider this to be three separate but 
related bugs, listed in order of importance:

1. When using 389/RHDS, PWM should (if set to do so) try to modify the proper 
attributes:  set passwordRetryCount=0 and delete accountUnlockTime.  This has 
been previously reported to the ldapchai project in issue 11.

2. PWM probably should not treat the non-existence of this attribute as a fatal 
error.  If the attribute doesn't exist, then that means it's not in effect so 
the net result is the same.

3. PWM probably should have an option for this in the activation module similar 
to the "Allow Unlock" option in the forgotten password module.  If I could 
simply disable this.  There may be cases where this isn't specifically wanted.

What version of PWM are you using?
nightly build 20130820

What ldap directory and version are you using?
RHDS 9.1.0 (389 DS 1.2.11.15)

Two additional notes:

1. The bug report for ldapchai contains a lot of useful information related to 
this, so I'd highly recommend giving it a read:
https://code.google.com/p/ldapchai/issues/detail?id=11

2. Based on my prior experience with PWM I'm sure this will be addressed in 
some future version, but unfortunately I have a short timeline to get a new 
version up and running with features we need (particularly regarding web 
service calls and minimum password age) not available in the last stable build, 
hence my use of a nightly.  Is there any quick workaround I can put in place to 
make the 20130820 build usable for us while waiting for a "proper" fix?  So far 
I haven't found anything that doesn't involve editing and recompiling ldapchai, 
which I'm extremely hesitant to do.  If there are any other workarounds I've 
overlooked, I'd greatly appreciate any suggestions.

Thanks.

Original issue reported on code.google.com by nitro322@gmail.com on 22 Aug 2013 at 6:56
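
Added example, not part of the original report and not PWM or ldapchai code: a sketch of points 1 and 2 above, where the unlock step uses per-directory attributes and treats LDAP result code 16 on a delete as "lock not in effect" while still failing on any other error. `FakeDirectory`, `UNLOCK_OPS`, `unlock()` and the sample DNs are hypothetical; the in-memory directory stands in for a real server so the logic runs offline.

```python
# Added illustration; every class and function name here is hypothetical.
NO_SUCH_ATTRIBUTE = 16  # LDAP result code quoted in the error message above

class LdapError(Exception):
    def __init__(self, code, msg):
        super().__init__(f"[LDAP: error code {code} - {msg}]")
        self.code = code

class FakeDirectory:
    """In-memory stand-in for a server: deleting an absent attribute fails with 16."""
    def __init__(self, entries):
        self.entries = entries

    def modify(self, dn, op, attr, value=None):
        entry = self.entries[dn]
        if op == "replace":
            entry[attr] = value
        elif op == "delete":
            if attr not in entry:
                raise LdapError(NO_SUCH_ATTRIBUTE, "No Such Attribute")
            del entry[attr]
        else:
            raise LdapError(2, "Protocol Error")

# Per-directory unlock changes, using only the attributes named in the report.
UNLOCK_OPS = {
    "389ds": [("replace", "passwordRetryCount", "0"),
              ("delete", "accountUnlockTime", None)],
    "ppolicy": [("delete", "pwdAccountLockedTime", None)],  # attribute PWM tried
}

def unlock(directory, dn, vendor):
    """Apply the unlock changes; return the attributes that were actually changed."""
    changed = []
    for op, attr, value in UNLOCK_OPS[vendor]:
        try:
            directory.modify(dn, op, attr, value)
            changed.append(attr)
        except LdapError as err:
            # An absent lock attribute means the lock is not in effect: not fatal.
            if not (op == "delete" and err.code == NO_SUCH_ATTRIBUTE):
                raise
    return changed

# Constructed sample entries: one locked account, one that was never locked.
LOCKED = "uid=locked,ou=users,dc=example,dc=com"
FRESH = "uid=fresh,ou=users,dc=example,dc=com"
SAMPLE = {LOCKED: {"passwordRetryCount": "3", "accountUnlockTime": "20130822185600Z"},
          FRESH: {}}
```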

GoogleCodeExporter commented 9 years ago
Thanks for the reminder... The best workaround for any PWM related problem is 
to pay the employer(s) of (one or more of) the developer(s) and hire us for 
your implementation. That way we can do the development work as part of our 
jobs, instead of in our spare time.

Nevertheless, a workaround will be available in the upcoming build. You can now 
enable/disable unlocking during account activation.

Regards,

Menno

Original comment by menno.pi...@gmail.com on 22 Aug 2013 at 8:11

GoogleCodeExporter commented 9 years ago
Committed in revision 594.

Original comment by menno.pi...@gmail.com on 22 Aug 2013 at 8:12

GoogleCodeExporter commented 9 years ago
Hi, Menno.  Just wanted to mention that the workaround you added to disable 
unlocking at activation works great.  Hope to see this more thoroughly 
addressed for RHDS in a future build, but for now we're in great shape.  Your 
quick response is much appreciated.

Original comment by nitro322@gmail.com on 26 Aug 2013 at 1:39

GoogleCodeExporter commented 9 years ago
So which one does this fix? Bug 1, 2 or 3?

Original comment by bela.pes...@gmail.com on 25 Sep 2014 at 6:05