William, That is a reference to a super cool ( and IMHO not finished) feature of ARS to do things like "Lock the user out after "N" failed passwords". Let me see if I can find a doc page for you to go look at...
Ref: Configuring-710.pdf --> "Table B-1: ar.conf (ar.cfg) file options", Pg 274 " Max-Password-Attempts Sets the maximum number of consecutive bad password retries a user is allowed to make. If this option is set to 3, the user has 3 chances to log in. If all 3 attempts have bad passwords, the user account will be marked as INVALID. The allowed values for this option are 0 and all positive integers. A value of 0 turns feature off, and any positive integer sets the limit. " There may be other references to this feature in the docs too, but that is the first/best one I know of. The thing about this feature is that, to my knowledge they did not document how to "unlock" an account. It is my understanding that you need to change the users _LOCAL_ ARS password to unlock the account. (Or wait for some kind of timeout to happen.) Oh but wait.... in 7.1 this feature can now be set the configured value with the "AR System Administrator form." (Ref: Configuring-710.pdf, Pg 84) "AR System Administration Console" ... <snip> ... "click System > Application > Users/Groups/Roles > License Review." ... <snip> ... " Server - Invalid Users—Displays the number of users who are locked out of BMC Remedy User because of too many bad password attempts. To reset an invalid account, reset the user's password. To set a maximum number of bad passwords, enter the number in the Max Number of Password Attempts field in the AR System Administrator form. To turn the feature off (unlimited number of bad passwords allowed), set the number to 0 (the default). You can also check for invalid users by using the driver with the glu command. " Maybe you can get a report from the user (when they have the problem and check this UI to see if their Login Name is showing up in that list? BTW: IMHO, "not finished" because a simple thing like 'Status' in the User record should be used to set/unset this attribute of the account and not _only_ some hidden data in a back end cache table. It is silly and wrong to have to change a users password because they managed to get their account locked due to having their caps lock key on. -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap.... Pick two. On Wed, Aug 6, 2008 at 10:48 PM, William Rentfrow <[EMAIL PROTECTED]> wrote: > This is still related to the "You do not have write license" woes " > issue > > What does the BADPWD and BADPWDTOTAL field mean exactly in the > user_cache table? > > The reason I ask is this - exactly one other person has responded to me > with a similar issue and it was tied to an LDAP integration. > > One of my users in question who can not save has a # of 38 in her > BADPWDTOTAL field in user_cache... > > William Rentfrow > Principal Consultant, StrataCom > [EMAIL PROTECTED] > O 952-432-0227 > C 701-306-6157 _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
