happyraul / pwm

Automatically exported from code.google.com/p/pwm

Error in User Activation module #567

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
We have to create disabled accounts with our user manager application.
The "Activation Query Match" option in the User Activation module is modified with the 
query "(&(objectclass=person)((loginDisabled=TRUE)))", so PWM is looking for 
disabled users.
No problem if we use enabled users and if we change the query.

How can we use disabled users?

What is the expected output? What do you see instead?
We checked "Unlock User During Activation". We expect that the user is enabled.

What version of PWM are you using?
1.7.1

What ldap directory and version are you using?
eDirectory 8.8 SP8 64bit

Please paste any error log messages below:
2014-05-23 16:47:36, INFO , operations.UserAuthenticator, {20} login attempt 
for cn=r11,ou=Registrati,ou=ExternalUsers,o=Liguria failed: 5001 
ERROR_WRONGPASSWORD (ldap error during password check: unable to create 
connection: unable to bind to ldaps://aaa-svilldap.datasiel.net:636 as 
cn=r11,ou=Registrati,ou=ExternalUsers,o=Liguria reason: [LDAP: error code 53 - 
NDS error: log account expired (-220)]) [10.10.27.54/pellesms.datasiel.net]
2014-05-23 16:47:39, ERROR, operations.UserAuthenticator, unable to 
authenticate with admin retrieved password, check proxy rights, ldap logs, and 
ensure ldap.namingAttribute setting is correct
2014-05-23 16:47:39, ERROR, servlet.TopServlet, {20} pwm error during page 
generation: 5026 ERROR_BAD_SESSION_PASSWORD (unable to authenticate with admin 
retrieved password, check proxy rights, ldap logs, and ensure 
ldap.namingAttribute setting is correct) [10.10.27.54/pellesms.datasiel.net]

Thanks a lot
 Sandro

Original issue reported on code.google.com by spell...@gmail.com on 23 May 2014 at 3:03

GoogleCodeExporter commented 9 years ago
Please, can anyone help us?

Thanks

Original comment by spell...@gmail.com on 4 Jun 2014 at 9:02

GoogleCodeExporter commented 9 years ago

Original comment by jrivard on 9 Jun 2014 at 4:38

GoogleCodeExporter commented 9 years ago
Hi
Why is this request invalid?
We cannot create a disabled user, or this user cannot use the "User activation" 
module.
Perhaps the problem is that the user cannot interact with ldap.

I have seen issue 485, 
https://code.google.com/p/pwm/issues/detail?id=485&can=1&q=ERROR_WRONGPASSWORD.
Can we use the proxy user instead of the login user?
I remember that in old PWM versions it was possible to use the proxy user in some 
modules, if this is the solution.
If it is not possible to create a disabled user, we have to close access to NAM 
resources, perhaps using custom auth classes.

Thank you for your patience
 Sandro

Original comment by spell...@gmail.com on 9 Jun 2014 at 4:25