search

grealish / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Forgotten Password works against old novel edirectory replica (20606.01) but not the new edirectory replica (20701.48) #303

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Change ldapServerURLs property in pwmServlet.properties to new server replica
2. /etc/init.d/novell-tomcat5 restart
3. login to application as user wishing to change password
4. Answer challenge questions
5. Get "Unable to establish session password"

What is the expected output? What do you see instead?
Redirect to the page to enter new and confirm password.
Get "Unable to establish session password" error

What version of PWM are you using?
V1.3.0 b734

What ldap directory and version are you using?
Works when pointing to Novell edirectory 8.8.6 - 20606.01(32bit) which was 
running on IDM 3.6.1 (SLES 10) Does not work when pointing to Novell edirectory 
8.8.7 - 20701.48(64bit) which is running on IDM 4.0.2 (SLES 11 SP2)

Please paste any error log messages below:
Attaching error log file

Original issue reported on code.google.com by rloyl...@gmail.com on 6 Dec 2012 at 3:12

Attachments:

GoogleCodeExporter commented 9 years ago 
Suggestions:
- Verify TRY_NMAS_LOGIN_FIRST is correctly set on new server
- Enable LDAP/NMAS logging in dstrace and look for differences between servers.

If you still have issues, please post the dstrace log AND the pwm error log in 
an open format.  We cannot read proprietary MS files here.

Original comment by jrivard on 6 Dec 2012 at 8:45

GoogleCodeExporter commented 9 years ago 
Thanks for responding!

I have not verified TRY_NMAS_LOGIN_FIRST. Is that a property I can set in
the pwmServlet.properties file?

However, after further reviewing the error log which I have re-attached, I
noticed the errors below so I tried to run the app with an administrator
account on the new server and that worked. I was then able to change
password successfully pointing to the new edirectory server so it must be
an issue with the proxy account I was using. But it doesn't explain why
that account would be different on different replicas.

Thanks again.

Original comment by rloyl...@gmail.com on 7 Dec 2012 at 1:45

GoogleCodeExporter commented 9 years ago 
TRY_NMAS_LOGIN_FIRST is an eDirectory environment variable setting.

Glad to hear it's working for you now.

Original comment by jrivard on 13 Dec 2012 at 2:59