Re: [Lam-public] Self Service Issue

[Hannigan, Steve (SHANNIGA)]

I actually had "passwordSelfReset" associated with the user but it wasn’t 
completely configured.
Mainly because of  “server setting access level ” – I had to change it to 
“write” to complete the question/answer updates to the user’s LDAP account.
The “forgot password” feature works now and accepts the answers allowing the 
password update.

I’m still however, having an issue with LAM self service page. The page layout 
is setup to offer password and questions/answers maintenance, but only displays 
the password piece.

Thanks,
Steve

From: Roland Gruber [mailto:p...@rolandgruber.de]
Sent: Tuesday, February 13, 2018 12:15 PM
To: lam-public@lists.sourceforge.net; Hannigan, Steve (SHANNIGA)
Subject: Re: [Lam-public] Self Service Issue

Hi Steve,

ok, this explains why you get the message about wrong answer. You need to set 
it via LAM as the value is not stored as clear text.

To show the self service question and answer your user needs to have the object 
class "passwordSelfReset" on the LDAP account.
You can add this via LAM admin interface:

https://www.ldap-account-manager.org/static/doc/manual/ch04s02.html#idm1767

The module allows to activate the extension by adding the object class.

If you have a larger number of users then you can use the multi edit tool 
inside LAM.

Best regards
Roland

Am 13. Februar 2018 16:45:23 MEZ schrieb "Hannigan, Steve (SHANNIGA)" 
<shann...@arinc.com<mailto:shann...@arinc.com>>:
As a follow-up, I may have confused the issue by hard coding the questions and 
answers in the Directory Server. They weren’t working correctly, so it was just 
something I tried.


More in line with the actual issue, the security questions are defined in the 
self service profile page layout, but they do not appear in the LAM self 
service page.
See attached images.


Please let me know what I can provide to help solve this issue.


Thanks, Steve




From: Hannigan, Steve (SHANNIGA) [mailto:shann...@arinc.com]
Sent: Tuesday, February 13, 2018 8:41 AM
To: Roland Gruber; 
lam-public@lists.sourceforge.net<mailto:lam-public@lists.sourceforge.net>; 
lam-public@lists.sourceforge.net<mailto:lam-public@lists.sourceforge.net>
Subject: Re: [Lam-public] Self Service Issue


I’ve tried with varied number of questions – one and three.


Below is a snip from the log file:


2018-02-13 13:31:29: LDAP Account Manager ( - 10.243.56.35) - DEBUG: Calling 
URL detected as 
https://anplam01.arinc.com/lam/templates/misc/ajax.php?sec_token=1066992467476&selfservice=1&function=passwordStrengthCheck
2018-02-13 13:31:29: LDAP Account Manager (tvsjpf823khsvn4l4psql9dap6 - 
10.243.56.35) - WARNING: Detected unauthorized access to page that requires 
login: /usr/share/ldap-account-manager/templates/misc/ajax.php
2018-02-13 13:31:39: LDAP Account Manager ( - 10.243.56.35) - DEBUG: Calling 
URL detected as 
https://anplam01.arinc.com/lam/templates/selfService/selfServiceSP.php?scope=user&name=BossNetReset&page=passwordSelfReset&language=en_US.utf8
2018-02-13 13:31:39: LDAP Account Manager (tvsjpf823khsvn4l4psql9dap6 - 
10.243.56.35) - ERROR: Self service password reset: The answer to the security 
question is wrong for uid=mlc,ou=People,ou=ims,dc=arinc,dc=com.


Thanks, Steve


From: Roland Gruber [mailto:p...@rolandgruber.de]
Sent: Tuesday, February 13, 2018 1:00 AM
To: lam-public@lists.sourceforge.net<mailto:lam-public@lists.sourceforge.net>; 
Hannigan, Steve (SHANNIGA); 
lam-public@lists.sourceforge.net<mailto:lam-public@lists.sourceforge.net>
Subject: Re: [Lam-public] Self Service Issue


Hi Steve,

please enable LAM's logging and check for the exact reason why the answer check 
failed:

https://www.ldap-account-manager.org/static/doc/manual/ch03.html#conf_logging

How many questions did you configure? Please note that when multiple questions 
are setup then all need to be answered.

Best regards
Roland
Am 12. Februar 2018 21:29:09 MEZ schrieb "Hannigan, Steve (SHANNIGA)" 
<shann...@arinc.com<mailto:shann...@arinc.com>>:
Good Day,


I can’t seem to get the Self Service security questions to work.
I’m concerned that the search string is not finding the appropriate attributes?


Error Reports “The answer to the security question is wrong”


I’ve played a little with what I believe to be the search string and get very 
little returned when attrs="* pwdaccountlockedtime aci" are added to the end of 
the search.


Any ideas or suggestions would be appreciated.
-Steve




LDAP Account Manager PRO 6.2.1
Platform is Redhat 7 with their Directory Server 10.1 and PHP 5.6 releases


Steve Hannigan
Sr System Administrator
Information Management Services/BS/TS&O
2551 Riva Road, Annapolis, MD 21401 USA
Phone: 410-266-2306
shann...@arinc.com<mailto:shann...@arinc.com>
stephen.hanni...@rockwellcollins.com<mailto:stephen.hanni...@rockwellcollins.com>
www.rockwellcollins.com<http://www.rockwellcollins.com/>




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public