grealish / pwm

Automatically exported from code.google.com/p/pwm

Unlock account in helpdesk module for 389-DS/Redhat #296

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Lock a user account in Fedora/Redhat DS
2. Login to the helpdesk module
3. Click unlock

What is the expected output? What do you see instead?
I expect to be able to unlock a locked account. The attribute to lock/unlock an 
account is set with the nsaccountlock with a value of true or false.

What version of PWM are you using?
1.6.4

What ldap directory and version are you using?
389-ds/Redhat

Please paste any error log messages below:

Original issue reported on code.google.com by tom.v...@gmail.com on 6 Nov 2012 at 1:30

GoogleCodeExporter commented 9 years ago
According to this link[1], the nsaccountlock attribute seems more like account 
enable/disable.  The PWM lock/unlock functionality corresponds to a temporary 
status of intruder lockout caused by invalid login attempts.  Is there a 
corresponding openldap attribute for temporary intruder flag status?

[1] http://docs.oracle.com/cd/E19225-01/820-6551/gijdz/index.html

Original comment by jrivard on 25 Nov 2012 at 4:49

GoogleCodeExporter commented 9 years ago
For OpenLDAP, see 
http://www.zytrax.com/books/ldap/ch6/ppolicy.html#operationalattributes.

This will only work if the ppolicy module is loaded; it is not loaded by default.

- Menno

Original comment by menno.pi...@gmail.com on 26 Nov 2012 at 7:36

GoogleCodeExporter commented 9 years ago
Added support for lock detection via reading the pwdLockout attribute, and 
clearing it by deleting the pwdAccountLockedTime attribute.  Added in revision 
531.  Please re-open this issue if you find issues with this implementation; I 
do not have a DS-389 server available to test on.

Original comment by jrivard on 11 Mar 2013 at 6:22
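
The distinction drawn in this thread, between an administrative disable (`nsaccountlock`) and a temporary intruder lockout cleared by deleting `pwdAccountLockedTime`, is sketched below as an added example. It is not PWM's code. The lockout-duration handling (seconds, with 0 meaning locked until reset), the `000001010000Z` permanent-lock marker, the function names and the sample entries are assumptions or constructed values that do not appear in the thread.

```python
from datetime import datetime, timedelta, timezone

# ppolicy marker for "locked until an administrator resets" (assumption, not in the thread)
PERMANENT_LOCK = "000001010000Z"

def parse_time(value):
    """Parse LDAP GeneralizedTime in UTC, ignoring any fractional seconds."""
    stamp = value.rstrip("Z").split(".")[0]
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def lock_state(entry, lockout_duration, now):
    """Classify an entry (dict: attribute -> list of values) as
    'disabled', 'locked' or 'active'. lockout_duration is in seconds."""
    attrs = {name.lower(): values for name, values in entry.items()}
    # Administrative disable: not something a helpdesk "unlock" should clear.
    if attrs.get("nsaccountlock", ["false"])[0].lower() == "true":
        return "disabled"
    locked_at = attrs.get("pwdaccountlockedtime")
    if not locked_at:
        return "active"
    if locked_at[0] == PERMANENT_LOCK or lockout_duration == 0:
        return "locked"
    expires = parse_time(locked_at[0]) + timedelta(seconds=lockout_duration)
    return "locked" if now < expires else "active"

def unlock_change(dn, entry, lockout_duration, now):
    """Return the LDIF modify record that clears an intruder lockout,
    or None when the account is not in that state."""
    if lock_state(entry, lockout_duration, now) != "locked":
        return None
    return f"dn: {dn}\nchangetype: modify\ndelete: pwdAccountLockedTime\n-\n"

# Constructed sample data (hypothetical users and timestamps)
NOW = datetime(2013, 3, 11, 18, 0, 0, tzinfo=timezone.utc)
LOCKED = {"uid": ["alice"], "pwdAccountLockedTime": ["20130311175500Z"]}
DISABLED = {"uid": ["bob"], "nsAccountLock": ["true"],
            "pwdAccountLockedTime": ["20130311175500Z"]}

if __name__ == "__main__":
    for name, entry in (("alice", LOCKED), ("bob", DISABLED)):
        dn = f"uid={name},ou=people,dc=example,dc=com"
        print(name, lock_state(entry, 600, NOW))
        print(unlock_change(dn, entry, 600, NOW))
```
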

GoogleCodeExporter commented 9 years ago
According to these links, the 389-DS/RedHat attributes to lock/unlock a user 
are not the same as OpenLDAP's.

http://directory.fedoraproject.org/wiki/Howto:PasswordReset
http://www.centos.org/docs/5/html/CDS/ag/8.0/User_Account_Management-Managing_the_Password_Policy.html#Configuring_the_Account_Lockout_Policy_Using_the_Command_Line-Account_Lockout_Policy_Attributes

Original comment by cedric.d...@gmail.com on 25 Mar 2013 at 11:26