token454 / pwm

Automatically exported from code.google.com/p/pwm

Unexpected LDAP Error - After Upgrading eDirectory to 8.8.8 #524

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Upgrade to eDirectory 8.8.8 (or 8.8 SP8)
2. Launch PWM Configuration Editor
3. PWM Health reports problem with LDAP

Other Information?
I also noticed that when I try to login with a user account, PWM doesn't seem to try to retrieve the user's configured password policy. Comparing LDAP traces from an install with eDir 8.8.7 to this new one, the trace shows no attempt to determine the password policy. I do see that the LDAP extension required for this is available on both the old and new eDir servers.

What version of PWM are you using?
1.6.4 (also tried 1.7.0, no change)

What ldap directory and version are you using?
NetIQ (formerly Novell) eDirectory 8.8.8 (8.8 SP8)

Please paste any error log messages below:

Mon Jan 20 14:45:02 EST 2014, INFO , password.pwm.ContextManager, application restart completed
Mon Jan 20 14:45:02 EST 2014, INFO , password.pwm.ContextManager, invalidating all existing http sessions
Mon Jan 20 14:45:02 EST 2014, ERROR, password.pwm.util.PwmMacroMachine, unable to parse configured/detected site URL: no protocol: [UNCONFIGURED_URL]
Mon Jan 20 14:45:02 EST 2014, WARN , password.pwm.PwmApplication, pwm configuration has been modified since last startup
Mon Jan 20 14:45:02 EST 2014, INFO , password.pwm.PwmApplication, PWM v1.6.4 b1185 (release) open for bidness! (54ms)
Mon Jan 20 14:45:02 EST 2014, ERROR, password.pwm.TokenManager, 5055 ERROR_INVALID_SECURITY_KEY (unable to start token manager: PWM Security Key value is not configured)
Mon Jan 20 14:45:02 EST 2014, INFO , password.pwm.wordlist.SharedHistoryManager, open with 0 words (1ms), maxAgeMs=28d:12h, oldestEntry=31m
Mon Jan 20 14:45:02 EST 2014, INFO , password.pwm.PwmApplication, loaded pwm global password policy: PwmPasswordPolicy: {MinimumLowerCase=1, MinimumSpecial=1, MaximumOldChars=0, MaximumUpperCase=0, MaximumNumeric=0, EnableWordlist=true, RegExMatch=, MinimumUnique=0, MinimumNonAlpha=1, DisallowedAttributes=[cn, givenName, sn], MinimumStrength=0, AllowNumeric=true, ChangeMessage=, MinimumAlpha=0, MaximumLowerCase=0, AllowSpecial=true, ADComplexity=false, MaximumLength=64, MaximumRepeat=0, AllowFirstCharNumeric=true, MinimumLength=8, MaximumSequentialRepeat=0, AllowLastCharSpecial=true, MinimumNumeric=1, MaximumAlpha=0, RegExNoMatch=, MaximumNonAlpha=0, MaximumSpecial=0, MinimumUpperCase=1, AllowFirstCharSpecial=true, DisallowedValues=[], AllowLastCharNumeric=true}
Mon Jan 20 14:45:02 EST 2014, INFO , password.pwm.PwmApplication, using 'EB4B7D389BDEEEE0' for this pwm instance's ID (instanceID)
Mon Jan 20 14:45:02 EST 2014, INFO , password.pwm.PwmApplication, debug info:, memfree=91944232, memallocd=259588096, memmax=518979584, threads=40
Mon Jan 20 14:45:02 EST 2014, INFO , password.pwm.PwmApplication, initializing pwm
Mon Jan 20 14:45:02 EST 2014, INFO , password.pwm.PwmApplication, loaded configuration:
  pwm.versionCheck.enable=false
  display.showDetailedErrors=false
  interface.theme=custom
  password.showAutoGen=false
  display.showHidePasswordFields=false
  display.passwordHistory=false
  display.accountInformation=false
  display.showLoginPageOptions=false
  ldap.serverUrls=["ldaps://myserver1:636"]
  ldap.proxy.username=cn=PwmProxy,ou=PWM,ou=services,o=company
  ldap.proxy.password=**removed**
  ldap.rootContexts=ou=people,o=company
  ldap.testuser.username=cn=pwmtest,ou=others,ou=people,o=company
  pwmAdmin.queryMatch=(groupMembership=cn=PWMAdmins,ou=PWM,ou=services,o=company)
  password.policy.minimumLength=8
  password.policy.minimumNumeric=1
  password.policy.minimumSpecial=1
  password.policy.minimumNonAlpha=1
  password.policy.minimumUpperCase=1
  password.policy.minimumLowerCase=1
  password.policy.disallowedValues=[""]
  wordlistCaseSensitive=true
  pwm.requireHTTPS=true
  challenge.enable=false
  challenge.forceSetup=false
  peopleSearch.result.form={"":["givenName:First Name:text:1:50:true:false","sn:Last Name:text:1:50:true:false","mail:Email:email:1:150:true:false","telephoneNumber:Telephone:text:1:150:true:false"]}
  peopleSearch.useProxy=true
  ldap.edirectory.readChallengeSets=false
Mon Jan 20 14:45:02 EST 2014, INFO , password.pwm.ContextManager, configuration file modification has been detected
Mon Jan 20 14:45:02 EST 2014, INFO , password.pwm.ContextManager, beginning application restart
Mon Jan 20 14:45:02 EST 2014, WARN , password.pwm.PwmApplication, shutting down

Original issue reported on code.google.com by bret...@gmail.com on 20 Jan 2014 at 8:08

GoogleCodeExporter commented 8 years ago
Issue is due to version tag in eDirectory changing from "Novell eDirectory" to "NetIQ eDirectory". There are no fixes available except in nightly builds.

Original comment by jrivard on 21 Jan 2014 at 3:26

GoogleCodeExporter commented 8 years ago
Please try 1.7.1. This version now contains a new LdapChai library that should 
detect 8.8.8 correctly.

Original comment by menno.pi...@gmail.com on 26 Feb 2014 at 7:25
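
The misdetection discussed in this thread, as an added Python example (not code from PWM or LdapChai): a brand-string match on the rootDSE `vendorVersion` value stops recognising the server after the rename, and a health check flags that the policy extension is advertised but no longer used. It assumes vendor-specific behaviour is selected from that string; the sample rootDSE values, function names and the extension OID placeholder are constructed for illustration.

```python
import re

POLICY_EXT = "<policy-extension-oid>"  # placeholder; the page does not give the OID

# Constructed rootDSE samples (not captured from a server). vendorVersion and
# supportedExtension are standard rootDSE attributes (RFC 3045, RFC 4512).
DSE_887 = {"vendorVersion": ["LDAP Agent for Novell eDirectory 8.8 SP7"],
           "supportedExtension": [POLICY_EXT]}
DSE_888 = {"vendorVersion": ["LDAP Agent for NetIQ eDirectory 8.8 SP8"],
           "supportedExtension": [POLICY_EXT]}
DSE_OTHER = {"vendorVersion": ["ExampleDS 1.0"], "supportedExtension": []}


def vendor_version(dse):
    """Return the first vendorVersion value, or '' when the attribute is absent."""
    return (dse.get("vendorVersion") or [""])[0]


def detect_brittle(dse):
    """Hypothetical pre-fix check: matches one exact brand string."""
    return "edirectory" if "Novell eDirectory" in vendor_version(dse) else "generic"


_EDIR = re.compile(r"\beDirectory\b", re.IGNORECASE)


def detect_tolerant(dse):
    """Match the product name only, so a brand prefix change is harmless."""
    return "edirectory" if _EDIR.search(vendor_version(dse)) else "generic"


def policy_lookup_enabled(dse, detector):
    """Assumed gating: the vendor-specific policy read runs only for eDirectory."""
    return detector(dse) == "edirectory"


def health_findings(dse, detector):
    """Flag the state from this issue: extension advertised, lookup disabled."""
    advertised = POLICY_EXT in dse.get("supportedExtension", [])
    if advertised and not policy_lookup_enabled(dse, detector):
        return ["policy extension advertised but vendor detected as generic: "
                + repr(vendor_version(dse))]
    return []


if __name__ == "__main__":
    for name, dse in (("8.8.7", DSE_887), ("8.8.8", DSE_888), ("other", DSE_OTHER)):
        print(name, detect_brittle(dse), detect_tolerant(dse),
              health_findings(dse, detect_brittle))
```
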