grealish / pwm

Automatically exported from code.google.com/p/pwm

PerpetratorDN and TargetDN get mixed up #357

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create the Helpdesk group with the necessary ACLs
2. Add the Helpdesk group membership for a user (i.e. cn=x) that has no e-mail attribute set
3. Enable the Helpdesk module in Pwm
4. Try to reset a password for a different user (i.e. cn=y) that has no e-mail attribute set

What is the expected output? What do you see instead?
A DEBUG log entry that the targetDN has no e-mail attribute and an entry of a 
Helpdesk password reset in the Password History of that targetDN. Instead I end 
up with a DEBUG log entry that the perpetratorDN has no e-mail set. Also the 
perpetratorDN gets an entry of a Helpdesk password reset in the Password 
History. Both the log entry and the Password history entry should be referring 
to the targetDN and not the perpetratorDN.

What version of PWM are you using?
Daily build (PWM v1.7.0 b1216 (RC1) buildTime=2013.04.02 10:39:59 EDT)

What ldap directory and version are you using?
eDirectory for Linux x86_64 v8.8 SP7 ON SLES11 SP1

catalina.out:

2013-04-09 08:30:51, TRACE, operations.UserSearchEngine, {3,Dhr Drs. S. 
Veldhuisen} username appears to be a DN (starts with configured ldap naming 
attribute'cn'), skipping username search [127.0.0.1/localhost]
2013-04-09 08:30:51, TRACE, entry.EdirEntries, using active universal password 
policy for user cn=y,ou=users,o=meta at cn=unipwd-nvl-employee,cn=Password 
Policies,cn=Security
2013-04-09 08:30:51, DEBUG, operations.PasswordUtility, {3,Dhr Drs. S. 
Veldhuisen} discovered assigned password policy for cn=y,ou=users,o=meta 
PwmPasswordPolicy: {MinimumLowerCase=1, MinimumSpecial=0, Maxi
mumUpperCase=0, MaximumNumeric=0, MinimumLifetime=0, MinimumUnique=0, 
DisallowedAttributes=[CN, Full Name, Surname, ULCNuser], UniqueRequired=TRUE, 
AllowNumeric=TRUE, CaseSensitive=TRUE, ChangeMessage=, 
ExpirationInterval=15724800, Maxim
umLowerCase=0, AllowSpecial=FALSE, MaximumLength=13, 
AllowFirstCharNumeric=TRUE, MinimumLength=8, MaximumSequentialRepeat=0, 
MinimumNumeric=1, AllowLastCharSpecial=TRUE, PolicyEnabled=true, 
MaximumSpecial=0, MinimumUpperCase=1, AllowFirs
tCharSpecial=TRUE, DisallowedValues=[], AllowLastCharNumeric=TRUE} 
[127.0.0.1/localhost]
2013-04-09 08:30:51, TRACE, operations.PasswordUtility, {3,Dhr Drs. S. 
Veldhuisen} readPasswordPolicyForUser completed in 8ms [127.0.0.1/localhost]
2013-04-09 08:30:51, TRACE, util.Helper, externalJudgeMethod 
'password.pwm.PwmPasswordJudge' returned a value of 50
2013-04-09 08:30:51, TRACE, util.Helper, externalJudgeMethod 
'password.pwm.PwmPasswordJudge' returned a value of 65
2013-04-09 08:30:51, TRACE, util.RandomPasswordGenerator, {3,Dhr Drs. S. 
Veldhuisen} finished random password generation in 2ms after 2 tries. 
[127.0.0.1/localhost]
2013-04-09 08:30:51, TRACE, util.RandomPasswordGenerator, {3,Dhr Drs. S. 
Veldhuisen} real-time random password generator called (2ms) 
[127.0.0.1/localhost]
2013-04-09 08:30:56, DEBUG, server.RestServerHelper, {3,Dhr Drs. S. Veldhuisen} 
REST WebService Request: POST request for: /pwm/public/rest/setpassword  
[127.0.0.1/localhost]
  pwmFormID='hIbvCOeaNpZKCTEA2k1PZG0GyIF2LqsN13ded7c07c9k2xs3z'
2013-04-09 08:30:56, TRACE, operations.UserSearchEngine, {3,Dhr Drs. S. 
Veldhuisen} username appears to be a DN (starts with configured ldap naming 
attribute'cn'), skipping username search [127.0.0.1/localhost]
2013-04-09 08:30:56, INFO , operations.PasswordUtility, {3,Dhr Drs. S. 
Veldhuisen} user 'cn=x,ou=users,o=meta' successfully changed password for 
cn=y,ou=users,o=meta [127.0.0.
1/localhost]
2013-04-09 08:30:56, INFO , event.AuditManager, audit event: 
{"eventCode":"HELPDESK_SET_PASSWORD","perpetratorID":"Dhr Drs. S. 
Veldhuisen","perpetratorDN":"cn\u003dm20009344,ou\u003dActive,ou\u003dEmployees,
ou\u003dusers,o\u003dmeta","ti
mestamp":"Apr 9, 2013 8:30:56 AM","targetID":"Mw T. bij het Eland-uit den 
Broker","targetDN":"cn\u003dm20024024,ou\u003dActive,ou\u003dEmployees,ou\u003du
sers,o\u003dmeta","sourceAddress":"127.0.0.1","sourceHost":"localhost"}
2013-04-09 08:30:56, TRACE, entry.EdirEntries, using active universal password 
policy for user cn=y,ou=users,o=meta at cn=unipwd-nvl-employee,cn=Password 
Policies,cn=Security
2013-04-09 08:30:56, DEBUG, operations.PasswordUtility, {3,Dhr Drs. S. 
Veldhuisen} discovered assigned password policy for cn=y,ou=users,o=meta 
PwmPasswordPolicy: {MinimumLowerCase=1, MinimumSpecial=0, Maxi
mumUpperCase=0, MaximumNumeric=0, MinimumLifetime=0, MinimumUnique=0, 
DisallowedAttributes=[CN, Full Name, Surname, ULCNuser], UniqueRequired=TRUE, 
AllowNumeric=TRUE, CaseSensitive=TRUE, ChangeMessage=, 
ExpirationInterval=15724800, Maxim
umLowerCase=0, AllowSpecial=FALSE, MaximumLength=13, 
AllowFirstCharNumeric=TRUE, MinimumLength=8, MaximumSequentialRepeat=0, 
MinimumNumeric=1, AllowLastCharSpecial=TRUE, PolicyEnabled=true, 
MaximumSpecial=0, MinimumUpperCase=1, AllowFirs
tCharSpecial=TRUE, DisallowedValues=[], AllowLastCharNumeric=TRUE} 
[127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, operations.PasswordUtility, {3,Dhr Drs. S. 
Veldhuisen} readPasswordPolicyForUser completed in 8ms [127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, edir.NmasCrFactory, challengeSetDN is null, return 
null for readNmasAssignedChallengeSetPolicy()
2013-04-09 08:30:56, TRACE, entry.EdirEntries, using active universal password 
policy for user cn=y,ou=users,o=meta at cn=unipwd-nvl-employee,cn=Password 
Policies,cn=Security
2013-04-09 08:30:56, TRACE, edir.NmasCrFactory, challengeSetDN is null, return 
null for readNmasAssignedChallengeSetPolicy()
2013-04-09 08:30:56, DEBUG, operations.CrUtility, {3,Dhr Drs. S. Veldhuisen} no 
nmas c/r policy found for user cn=y,ou=users,o=meta [127.0.0.1/localhost]
2013-04-09 08:30:56, DEBUG, operations.CrUtility, {3,Dhr Drs. S. Veldhuisen} 
using pwm c/r policy for user cn=y,ou=users,o=meta: ChallengeSet identifier: 
pwm-defined v1.7.0 b1216 (RC1), minRandom: 2, locale
: en, (Challenge: "What is the name of the main character in your favorite 
book?", required: false, adminDefined: true, minLength: 4, maxLength: 200) 
(Challenge: "What is the name of your favorite teacher?", required: false, 
adminDefined
: true, minLength: 4, maxLength: 200) (Challenge: "What is the name of your 
favorite pet?", required: false, adminDefined: true, minLength: 4, maxLength: 
200) (Challenge: "What was the name of your childhood best friend?", required: 
fals
e, adminDefined: true, minLength: 4, maxLength: 200) (Challenge: "What was your 
favorite show as a child?", required: false, adminDefined: true, minLength: 4, 
maxLength: 200) (Challenge: "Who is your favorite author?", required: false, a
dminDefined: true, minLength: 4, maxLength: 200) (Challenge: "What is your 
favorite food?", required: false, adminDefined: true, minLength: 4, maxLength: 
200) (Challenge: "What is your partner's nickname?", required: false, 
adminDefined:
 true, minLength: 4, maxLength: 200) (Challenge: "What is your favorite team?", required: false, adminDefined: true, minLength: 4, maxLength: 200) (Challenge: "What street did you grow up on?", required: false, adminDefined: true, minLen
gth: 4, maxLength: 200) (Challenge: "What city / town were you born in?", 
required: false, adminDefined: true, minLength: 4, maxLength: 200) (Challenge: 
"What is your favorite vehicle?", required: false, adminDefined: true, 
minLength: 4,
 maxLength: 200) (Challenge: "If you could meet someone from history, who would it be?", required: false, adminDefined: true, minLength: 4, maxLength: 200) (Challenge: "What is your least favorite film of all time?", required: false, adm
inDefined: true, minLength: 4, maxLength: 200) (Challenge: "Who was your least 
favorite teacher?", required: false, adminDefined: true, minLength: 4, 
maxLength: 200) (Challenge: "What food do you dislike the most?", required: 
false, admi
nDefined: true, minLength: 4, maxLength: 200)  [127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, operations.CrUtility, {3,Dhr Drs. S. Veldhuisen} 
readUserChallengeSet completed in 13ms [127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, util.Helper, read VENDORGUID value for user 
cn=y,ou=users,o=meta: 38a5d0d46f838a4caa9d38a5d0d46f83
2013-04-09 08:30:56, TRACE, operations.UserStatusHelper, {3,Dhr Drs. S. 
Veldhuisen} beginning password status check process for cn=y,ou=users,o=meta 
[127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, operations.UserStatusHelper, {3,Dhr Drs. S. 
Veldhuisen} password for cn=y,ou=users,o=meta does not appear to be expired 
[127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, operations.UserStatusHelper, 
ldapPasswordExpirationTime (cn=y,ou=users,o=meta): Tue Apr 09 08:30:58 CEST 
2013 (1365489058859 ms)
2013-04-09 08:30:56, INFO , operations.UserStatusHelper, {3,Dhr Drs. S. 
Veldhuisen} user cn=y,ou=users,o=meta password will expire within 999ms, 
marking as within warn period [127.0.0.1/localhost]
2013-04-09 08:30:56, DEBUG, operations.UserStatusHelper, {3,Dhr Drs. S. 
Veldhuisen} completed user password status check for cn=y,ou=users,o=meta 
PasswordStatus {expired=false, pre-expired=false, warn=true, 
violatesPolicy=false} (7ms) [127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, operations.CrUtility, {3,Dhr Drs. S. Veldhuisen} 
beginning check to determine if responses need to be configured for user 
[127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, operations.CrUtility, {3,Dhr Drs. S. Veldhuisen} 
beginning read of user response sequence [127.0.0.1/localhost]
2013-04-09 08:30:56, DEBUG, operations.CrUtility, {3,Dhr Drs. S. Veldhuisen} 
will attempt to read the following storage methods: LDAP [127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, operations.CrUtility, {3,Dhr Drs. S. Veldhuisen} 
attempting read of responses via storage method: LDAP [127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, operations.CrUtility, {3,Dhr Drs. S. Veldhuisen} no 
responses read using method LDAP [127.0.0.1/localhost]
2013-04-09 08:30:56, DEBUG, operations.CrUtility, {3,Dhr Drs. S. Veldhuisen} 
checkIfResponseConfigNeeded: cn=y,ou=users,o=meta does not have good responses: 
no responses configured [127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, operations.UserStatusHelper, {3,Dhr Drs. S. 
Veldhuisen} read last user password change timestamp (via chai) as: Tue Apr 09 
08:30:58 CEST 2013 [127.0.0.1/localhost]
2013-04-09 08:30:56, TRACE, operations.UserStatusHelper, {3,Dhr Drs. S. 
Veldhuisen} populateUserInfoBean for cn=y,ou=users,o=meta completed in 66ms 
[127.0.0.1/localhost]
2013-04-09 08:30:56, DEBUG, operations.PasswordUtility, {3,Dhr Drs. S. 
Veldhuisen} executing changepassword and helpdesk post password change 
writeAttributes to user cn=y,ou=users,o=meta [127.0.0.1/localhost]
2013-04-09 08:30:56, DEBUG, operations.PasswordUtility, {3,Dhr Drs. S. 
Veldhuisen} unable to send change password email for 'cn=x,ou=users,o=meta' no 
' user email address available [127.0.0.1/localhost]

Original issue reported on code.google.com by sebastia...@gmail.com on 9 Apr 2013 at 7:03
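
A log check for the mix-up reported above, added here as an example (it is not part of the original report or of PWM's code): it pairs each "successfully changed password for" entry with the following "unable to send change password email" entry in the same session and flags the case where the e-mail lookup used the helpdesk operator's DN instead of the target's. The function and pattern names are hypothetical, the sample lines are constructed from the two relevant entries in the report, and the DN comparison is a simplification that ignores escaped commas.

```python
import re

# Constructed sample: the relevant catalina.out entries from the report,
# unwrapped onto single lines, with the session label shortened to "helpdesk".
SAMPLE_LOG = """\
2013-04-09 08:30:56, INFO , operations.PasswordUtility, {3,helpdesk} user 'cn=x,ou=users,o=meta' successfully changed password for cn=y,ou=users,o=meta [127.0.0.1/localhost]
2013-04-09 08:30:56, DEBUG, operations.PasswordUtility, {3,helpdesk} executing changepassword and helpdesk post password change writeAttributes to user cn=y,ou=users,o=meta [127.0.0.1/localhost]
2013-04-09 08:30:56, DEBUG, operations.PasswordUtility, {3,helpdesk} unable to send change password email for 'cn=x,ou=users,o=meta' no ' user email address available [127.0.0.1/localhost]
"""

# timestamp, level, logger, optional {session} label, message
ENTRY = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), (?P<level>\w+)\s*, "
                   r"(?P<logger>[\w.]+), (?:\{(?P<session>[^}]*)\} )?(?P<msg>.*)$")
CHANGED = re.compile(r"user '(?P<actor>[^']+)' successfully changed password for "
                     r"(?P<target>.+?)(?: \[[^\]]*\])?$")
NOTIFY = re.compile(r"unable to send change password email for '(?P<dn>[^']+)'")


def norm(dn):
    """Case-insensitive DN comparison key (assumption: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def find_swapped_notifications(log_text):
    """Return resets whose follow-up e-mail lookup used the actor's DN."""
    last_reset = {}  # session label -> (actor DN, target DN) of the latest reset
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # wrapped continuation line or unrelated output
        session, msg = entry["session"], entry["msg"]
        changed = CHANGED.search(msg)
        if changed:
            last_reset[session] = (norm(changed["actor"]), norm(changed["target"]))
            continue
        notify = NOTIFY.search(msg)
        if notify and session in last_reset:
            actor, target = last_reset.pop(session)
            dn = norm(notify["dn"])
            # A self-service change has actor == target and is never flagged.
            if actor != target and dn == actor:
                findings.append({"time": entry["ts"], "expected": target, "logged": dn})
    return findings


if __name__ == "__main__":
    for finding in find_swapped_notifications(SAMPLE_LOG):
        print(finding)
```

The pairing is keyed on the session label in braces, so entries must be unwrapped to one per line before the check is run.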