search

ltb-project / service-desk

Application for support team who need to check and reset user passwords
https://service-desk.readthedocs.io/
GNU General Public License v3.0
49 stars 20 forks source link

The account password has expired, but the web interface does not show that the password has expired #25

Closed ilanni2460 closed 3 years ago

ilanni2460 commented 3 years ago

The account password has expired, but the web interface does not show that the password has expired 0

coudot commented 3 years ago

If the password is already expired, you should have a warning on the page.

We don't display expiration date, see #19

ilanni2460 commented 3 years ago

@coudot I mean, it didn't show the password expired, like this picture:

1

coudot commented 3 years ago

What is the pwdMaxAge of your ppolicy?

ilanni2460 commented 3 years ago

pwdMaxAge is 7776000 , 90d

ilanni2460 commented 3 years ago

the account is expired 2020.9.27

coudot commented 3 years ago

Check that this account is not linked to another ppolicy, or that the pwdMaxAge is well defined in the default ppolicy

ilanni2460 commented 3 years ago

@coudot this is ldap config ppolicy : 0

this ppolicy account :

1

From the above two pictures, it can be clearly seen that the password policy is effective. And this password policy, we have been using it. So I guess it’s because there is a problem in the code about whether the user password has expired

coudot commented 3 years ago

The code is here: https://github.com/ltb-project/service-desk/blob/master/htdocs/display.php#L136

I don't see why it does not work on your side. Do you have any error in logs? Do you see requests in OpenLDAP logs?

ilanni2460 commented 3 years ago

@coudot I have checked the ldap service and did not find any error information for the account, but I found such a line in the error log of the service-desk, but I don’t think it will be affected

2

ilanni2460 commented 3 years ago

@coudot I thought of a way to put $pwdMaxAge $pwdChangedTime $changedDate $expirationDate

Print out the values ​​of these variables to see

But i don't know how to print

coudot commented 3 years ago

You can use "error_log" in the code to print them in logs

ilanni2460 commented 3 years ago

@coudot ok i try ,tks

ilanni2460 commented 3 years ago

@coudot i try in display.php the code error_log(print_r($pwdMaxAge, 1));

But there is no information in the log

3

coudot commented 3 years ago

Does the Service Desk application account have enough rights to read ppolicies entries?

ilanni2460 commented 3 years ago

@coudot Sure enough, it is caused by no permission, you are too awesome

very tks 4

coudot commented 3 years ago

You're welcome. If you want to contribute a lang file for Chinese, it could be great!

ilanni2460 commented 3 years ago

OK