Hi Steve,
ok, this explains why you get the message about wrong answer. You need to set
it via LAM as the value is not stored as clear text.
To show the self service question and answer your user needs to have the object
class "passwordSelfReset" on the LDAP account.
You can add this via LAM admin interface:
https://www.ldap-account-manager.org/static/doc/manual/ch04s02.html#idm1767
The module allows to activate the extension by adding the object class.
If you have a larger number of users then you can use the multi edit tool
inside LAM.
Best regards
Roland
Am 13. Februar 2018 16:45:23 MEZ schrieb "Hannigan, Steve (SHANNIGA)"
<shann...@arinc.com>:
>As a follow-up, I may have confused the issue by hard coding the
>questions and answers in the Directory Server. They weren’t working
>correctly, so it was just something I tried.
>
>More in line with the actual issue, the security questions are defined
>in the self service profile page layout, but they do not appear in the
>LAM self service page.
>See attached images.
>
>Please let me know what I can provide to help solve this issue.
>
>Thanks, Steve
>
>
>From: Hannigan, Steve (SHANNIGA) [mailto:shann...@arinc.com]
>Sent: Tuesday, February 13, 2018 8:41 AM
>To: Roland Gruber; lam-public@lists.sourceforge.net;
>lam-public@lists.sourceforge.net
>Subject: Re: [Lam-public] Self Service Issue
>
>I’ve tried with varied number of questions – one and three.
>
>Below is a snip from the log file:
>
>2018-02-13 13:31:29: LDAP Account Manager ( - 10.243.56.35) - DEBUG:
>Calling URL detected as
>https://anplam01.arinc.com/lam/templates/misc/ajax.php?sec_token=1066992467476&selfservice=1&function=passwordStrengthCheck
>2018-02-13 13:31:29: LDAP Account Manager (tvsjpf823khsvn4l4psql9dap6 -
>10.243.56.35) - WARNING: Detected unauthorized access to page that
>requires login: /usr/share/ldap-account-manager/templates/misc/ajax.php
>2018-02-13 13:31:39: LDAP Account Manager ( - 10.243.56.35) - DEBUG:
>Calling URL detected as
>https://anplam01.arinc.com/lam/templates/selfService/selfServiceSP.php?scope=user&name=BossNetReset&page=passwordSelfReset&language=en_US.utf8
>2018-02-13 13:31:39: LDAP Account Manager (tvsjpf823khsvn4l4psql9dap6 -
>10.243.56.35) - ERROR: Self service password reset: The answer to the
>security question is wrong for
>uid=mlc,ou=People,ou=ims,dc=arinc,dc=com.
>
>Thanks, Steve
>
>From: Roland Gruber [mailto:p...@rolandgruber.de]
>Sent: Tuesday, February 13, 2018 1:00 AM
>To:
>lam-public@lists.sourceforge.net<mailto:lam-public@lists.sourceforge.net>;
>Hannigan, Steve (SHANNIGA);
>lam-public@lists.sourceforge.net<mailto:lam-public@lists.sourceforge.net>
>Subject: Re: [Lam-public] Self Service Issue
>
>Hi Steve,
>
>please enable LAM's logging and check for the exact reason why the
>answer check failed:
>
>https://www.ldap-account-manager.org/static/doc/manual/ch03.html#conf_logging
>
>How many questions did you configure? Please note that when multiple
>questions are setup then all need to be answered.
>
>Best regards
>Roland
>Am 12. Februar 2018 21:29:09 MEZ schrieb "Hannigan, Steve (SHANNIGA)"
><shann...@arinc.com<mailto:shann...@arinc.com>>:
>Good Day,
>
>I can’t seem to get the Self Service security questions to work.
>I’m concerned that the search string is not finding the appropriate
>attributes?
>
>Error Reports “The answer to the security question is wrong”
>
>I’ve played a little with what I believe to be the search string and
>get very little returned when attrs="* pwdaccountlockedtime aci" are
>added to the end of the search.
>
>Any ideas or suggestions would be appreciated.
>-Steve
>
>
>LDAP Account Manager PRO 6.2.1
>Platform is Redhat 7 with their Directory Server 10.1 and PHP 5.6
>releases
>
>Steve Hannigan
>Sr System Administrator
>Information Management Services/BS/TS&O
>2551 Riva Road, Annapolis, MD 21401 USA
>Phone: 410-266-2306
>shann...@arinc.com<mailto:shann...@arinc.com>
>stephen.hanni...@rockwellcollins.com<mailto:stephen.hanni...@rockwellcollins.com>
>www.rockwellcollins.com<http://www.rockwellcollins.com/>
>
>
>--
>Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
