maccs138 / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Cannot recover password for accounts in 389/RHDS #468

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
This is almost an exact duplicate of issue 458, but occurs when trying to 
recover a password using the Forgotten Password function rather than activating 
accounts.  I get the same behavior from PWM: it tries to delete the 
non-existent attribute pwdAccountLockedTime, then hard fails because it doesn't 
exist.

The end result is that users can't recover their own account using their 
challenge/response questions.

Didn't notice this before because there's already an option on the Forgotten 
Password page about enabling unlocking, but that only seems to give the *user* 
the option to do this; PWM itself will attempt to always do this regardless of 
that setting.

Would it be possible to add the same workaround committed in revision 594 for 
the User Activation module to the Forgotten Password module as well?

For completeness:

What steps will reproduce the problem?
1. Select Forgotten Password
2. Enter the identification details
3. Enter your challenge responses
4. Receive failure:

What is the expected output?  What do you see instead?
Should let me change my password.  Instead, I get:

An error occurred while unlocking your account. Please contact your 
administrator. { 5046 ERROR_UNLOCK_FAILURE (unable to unlock user 
uid=name,ou=users,dc=domain,dc=com error: [LDAP: error code 16 - No Such 
Attribute]) }

Additional details are provided in issue 458.

What version of PWM are you using?
nightly build 20130823

What ldap directory and version are you using?
RHDS 9.1.0 (389 DS 1.2.11.15)

Thanks.

Original issue reported on code.google.com by nitro322@gmail.com on 5 Sep 2013 at 4:13

GoogleCodeExporter commented 9 years ago
any progress to solve

Original comment by barry...@gmail.com on 23 Jan 2014 at 10:52

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
So, this is what I've figured out about the issue. The attribute that the 
system is looking for pwdaccountlockedtime with a value greater than 0. I tried 
this with a value of 0,1, and 60 to verify this. I was able to reset the 
password using the questions with the value set to 1 and 60. 

I'm not sure if this was intentional during the coding, but I think it would be 
really nice if the users didn't have to lock their account out to be able to 
use this feature. :-) 

I haven't found where it was written in the code yet, but I think I will remove 
the system looking for this attribute since I find it inconvenient for my 
users.  

Original comment by jenelle....@gmail.com on 27 Feb 2014 at 9:42

GoogleCodeExporter commented 9 years ago
so do you think there is a workaround to resolve this somehow? :-O

Original comment by bela.pes...@gmail.com on 25 Sep 2014 at 6:01

GoogleCodeExporter commented 9 years ago
Same installation with 389DS and still same error in version 1.7.1

Original comment by carlosgr...@gmail.com on 18 Nov 2014 at 3:17

GoogleCodeExporter commented 9 years ago
"Workarround":

Comment catch code in 3 methods where servlet calls to ERROR_UNLOCK_FAILURE. 
ForgottenPassword module works this way.

Original comment by carlosgr...@gmail.com on 18 Nov 2014 at 5:12

Attachments:

GoogleCodeExporter commented 9 years ago
I ran into this as well.

Original comment by solomong...@gmail.com on 13 Mar 2015 at 3:12

GoogleCodeExporter commented 9 years ago
I'm encountering this very problem today, is there any workaround or a fix to 
this problem?  Please as it will allow me to use this program for our 
organization.

I'm using 1.7.1 on Windows Server 2012 R2 and MSAD 2008

Thanks ahead of time.

Original comment by sokum...@gmail.com on 21 Apr 2015 at 5:07

GoogleCodeExporter commented 9 years ago
I patched the application (PWM) for 389 Directory.

Original comment by davood.firoozian on 23 Apr 2015 at 11:05

GoogleCodeExporter commented 9 years ago
Davood, where can I get the patch?  Is this something that you can share?  I 
thought 1.7.1 is the latest.

Original comment by sokum...@gmail.com on 29 Apr 2015 at 12:49