Hi Steve, please set LAM's logging to level DEBUG and and then login to self service with the user. In log file you should see now a message starting with "DEBUG: LDAP attributes for". Then all LDAP data of the user are printed. Please post the objectClass values. They look e.g. like this:
[objectClass] => Array ( [0] => posixAccount [1] => shadowAccount [2] => inetOrgPerson [3] => passwordSelfReset ) Maybe the passwordSelfReset is returned in wrong case (e.g. as passwordselfreset). Best regards Roland On 13.02.2018 20:55, Hannigan, Steve (SHANNIGA) wrote: > I actually had "passwordSelfReset" associated with the user but it > wasn’t completely configured. > > Mainly because of “server setting access level ” – I had to change it > to “write” to complete the question/answer updates to the user’s LDAP > account. > > The “forgot password” feature works now and accepts the answers allowing > the password update. > > > > I’m still however, having an issue with LAM self service page. The page > layout is setup to offer password and questions/answers maintenance, but > only displays the password piece. > > > > Thanks, > > Steve > > > > *From:*Roland Gruber [mailto:p...@rolandgruber.de] > *Sent:* Tuesday, February 13, 2018 12:15 PM > *To:* lam-public@lists.sourceforge.net; Hannigan, Steve (SHANNIGA) > *Subject:* Re: [Lam-public] Self Service Issue > > > > Hi Steve, > > ok, this explains why you get the message about wrong answer. You need > to set it via LAM as the value is not stored as clear text. > > To show the self service question and answer your user needs to have the > object class "passwordSelfReset" on the LDAP account. > You can add this via LAM admin interface: > > https://www.ldap-account-manager.org/static/doc/manual/ch04s02.html#idm1767 > > The module allows to activate the extension by adding the object class. > > If you have a larger number of users then you can use the multi edit > tool inside LAM. > > Best regards > Roland > > Am 13. Februar 2018 16:45:23 MEZ schrieb "Hannigan, Steve (SHANNIGA)" > <shann...@arinc.com <mailto:shann...@arinc.com>>: > > As a follow-up, I may have confused the issue by hard coding the > questions and answers in the Directory Server. They weren’t working > correctly, so it was just something I tried. > > > > More in line with the actual issue, the security questions are defined > in the self service profile page layout, but they do not appear in the > LAM self service page. > > See attached images. > > > > Please let me know what I can provide to help solve this issue. > > > > Thanks, Steve > > > > > > *From:*Hannigan, Steve (SHANNIGA) [mailto:shann...@arinc.com] > *Sent:* Tuesday, February 13, 2018 8:41 AM > *To:* Roland Gruber; lam-public@lists.sourceforge.net > <mailto:lam-public@lists.sourceforge.net>; > lam-public@lists.sourceforge.net <mailto:lam-public@lists.sourceforge.net> > *Subject:* Re: [Lam-public] Self Service Issue > > > > I’ve tried with varied number of questions – one and three. > > > > Below is a snip from the log file: > > > > 2018-02-13 13:31:29: LDAP Account Manager ( - 10.243.56.35) - DEBUG: > Calling URL detected as > https://anplam01.arinc.com/lam/templates/misc/ajax.php?sec_token=1066992467476&selfservice=1&function=passwordStrengthCheck > > 2018-02-13 13:31:29: LDAP Account Manager (tvsjpf823khsvn4l4psql9dap6 - > 10.243.56.35) - WARNING: Detected unauthorized access to page that > requires login: /usr/share/ldap-account-manager/templates/misc/ajax.php > > 2018-02-13 13:31:39: LDAP Account Manager ( - 10.243.56.35) - DEBUG: > Calling URL detected as > https://anplam01.arinc.com/lam/templates/selfService/selfServiceSP.php?scope=user&name=BossNetReset&page=passwordSelfReset&language=en_US.utf8 > > 2018-02-13 13:31:39: LDAP Account Manager (tvsjpf823khsvn4l4psql9dap6 - > 10.243.56.35) - ERROR: Self service password reset: The answer to the > security question is wrong for uid=mlc,ou=People,ou=ims,dc=arinc,dc=com. > > > > Thanks, Steve > > > > *From:*Roland Gruber [mailto:p...@rolandgruber.de] > *Sent:* Tuesday, February 13, 2018 1:00 AM > *To:* lam-public@lists.sourceforge.net > <mailto:lam-public@lists.sourceforge.net>; Hannigan, Steve (SHANNIGA); > lam-public@lists.sourceforge.net <mailto:lam-public@lists.sourceforge.net> > *Subject:* Re: [Lam-public] Self Service Issue > > > > Hi Steve, > > please enable LAM's logging and check for the exact reason why the > answer check failed: > > https://www.ldap-account-manager.org/static/doc/manual/ch03.html#conf_logging > > How many questions did you configure? Please note that when multiple > questions are setup then all need to be answered. > > Best regards > Roland > > Am 12. Februar 2018 21:29:09 MEZ schrieb "Hannigan, Steve (SHANNIGA)" > <shann...@arinc.com <mailto:shann...@arinc.com>>: > > Good Day, > > > > I can’t seem to get the Self Service security questions to work. > > I’m concerned that the search string is not finding the appropriate > attributes? > > > > Error Reports “The answer to the security question is wrong” > > > > I’ve played a little with what I believe to be the search string and get > very little returned when attrs="* pwdaccountlockedtime aci" are added > to the end of the search. > > > > Any ideas or suggestions would be appreciated. > > -Steve > > > > > > LDAP Account Manager PRO 6.2.1 > > Platform is Redhat 7 with their Directory Server 10.1 and PHP 5.6 releases > > > > *Steve Hannigan* > > Sr System Administrator > Information Management Services/BS/TS&O > 2551 Riva Road, Annapolis, MD 21401 USA > Phone:410-266-2306 > shann...@arinc.com <mailto:shann...@arinc.com> > > stephen.hanni...@rockwellcollins.com > <mailto:stephen.hanni...@rockwellcollins.com> > www.rockwellcollins.com <http://www.rockwellcollins.com/> > > > > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > _______________________________________________ > Lam-public mailing list > Lam-public@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lam-public > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Lam-public mailing list Lam-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lam-public