Users cannot change passwords from Forgot Password Link

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Go to PWM home page that was setup for your site
2. Click on "Forgot Password" at the bottum of page
3. Type in the username credentials and click search

What is the expected output? What do you see instead?
Error: PWM 5027
"You do not have permission to perform the requested action."

What version of PWM are you using?
1.6.3

What ldap directory and version are you using?
Active Directory on Windows Server 2008 R2 64bit

Please paste any error log messages below:

Thu Aug 16 15:15:56 CDT 2012, INFO , 
password.pwm.servlet.ForgottenPasswordServlet, 5027 ERROR_UNAUTHORIZED (does 
not match forgotten password query match) [10.34.1.16/np-mhumelt-pc.pcs.org]

Original issue reported on code.google.com by mhu...@gmail.com on 16 Aug 2012 at 8:20

[GoogleCodeExporter]

You need to check and configure the "forgotten password query". This query 
defines which users are allowed to use the forgotten password feature.

By the way, this is not a PWM issue, it's a configuration issue. Please post 
this kind of questions on the pwm-general mailing list.

+Menno

Original comment by menno.pi...@gmail.com on 17 Aug 2012 at 6:14

• Changed state: NeedInfo

[GoogleCodeExporter]

Fixed,

Thank you for letting me know about the "Query".

I had to run some powershell comamnds to see what objectclass was exactly 
returning for Active directory accounts.
I changed it from (objectClass=*) to (objectClass=user) because it ldap was 
returning the field as user.
My next configuration issue is there is a wait time in which an end user can 
change there password again. Not sure where that is, It doesnt stand out to me. 
I will look through PWM-General for it. hopefully I can find something there.

Thank You. for your help.

Original comment by mhu...@gmail.com on 21 Aug 2012 at 3:35

[GoogleCodeExporter]

Original comment by menno.pi...@gmail.com on 22 Aug 2012 at 7:37

• Changed state: Done