Hi Steve,
please set LAM's logging to level DEBUG and then log in to self
service with the user. In the log file you should now see a message starting
with "DEBUG: LDAP attributes for". Then all LDAP data of the user are
printed.
Please post the objectClass values. They look e.g. like this:
    [objectClass] => Array
        (
            [0] => posixAccount
            [1] => shadowAccount
            [2] => inetOrgPerson
            [3] => passwordSelfReset
        )
Maybe the passwordSelfReset is returned in wrong case (e.g. as
passwordselfreset).
Best regards
Roland
On 13.02.2018 20:55, Hannigan, Steve (SHANNIGA) wrote:
> I actually had "passwordSelfReset" associated with the user but it
> wasn’t completely configured.
>
> Mainly because of “server setting access level” – I had to change it
> to “write” to complete the question/answer updates to the user’s LDAP
> account.
>
> The “forgot password” feature works now and accepts the answers allowing
> the password update.
>
>
>
> I’m still, however, having an issue with LAM self service page. The page
> layout is set up to offer password and questions/answers maintenance, but
> only displays the password piece.
>
>
>
> Thanks,
>
> Steve
>
>
>
> *From:*Roland Gruber [mailto:[email protected]]
> *Sent:* Tuesday, February 13, 2018 12:15 PM
> *To:* [email protected]; Hannigan, Steve (SHANNIGA)
> *Subject:* Re: [Lam-public] Self Service Issue
>
>
>
> Hi Steve,
>
> ok, this explains why you get the message about wrong answer. You need
> to set it via LAM as the value is not stored as clear text.
>
> To show the self service question and answer your user needs to have the
> object class "passwordSelfReset" on the LDAP account.
> You can add this via LAM admin interface:
>
> https://www.ldap-account-manager.org/static/doc/manual/ch04s02.html#idm1767
>
> The module allows you to activate the extension by adding the object class.
>
> If you have a larger number of users then you can use the multi edit
> tool inside LAM.
>
> Best regards
> Roland
>
> On 13 February 2018 at 16:45:23 CET, "Hannigan, Steve (SHANNIGA)"
> <[email protected]> wrote:
>
> As a follow-up, I may have confused the issue by hard coding the
> questions and answers in the Directory Server. They weren’t working
> correctly, so it was just something I tried.
>
>
>
> More in line with the actual issue, the security questions are defined
> in the self service profile page layout, but they do not appear in the
> LAM self service page.
>
> See attached images.
>
>
>
> Please let me know what I can provide to help solve this issue.
>
>
>
> Thanks, Steve
>
>
>
>
>
> *From:*Hannigan, Steve (SHANNIGA) [mailto:[email protected]]
> *Sent:* Tuesday, February 13, 2018 8:41 AM
> *To:* Roland Gruber; [email protected]
> <mailto:[email protected]>;
> [email protected] <mailto:[email protected]>
> *Subject:* Re: [Lam-public] Self Service Issue
>
>
>
> I’ve tried with varied number of questions – one and three.
>
>
>
> Below is a snip from the log file:
>
>
>
> 2018-02-13 13:31:29: LDAP Account Manager ( - 10.243.56.35) - DEBUG:
> Calling URL detected as
> https://anplam01.arinc.com/lam/templates/misc/ajax.php?sec_token=1066992467476&selfservice=1&function=passwordStrengthCheck
>
> 2018-02-13 13:31:29: LDAP Account Manager (tvsjpf823khsvn4l4psql9dap6 -
> 10.243.56.35) - WARNING: Detected unauthorized access to page that
> requires login: /usr/share/ldap-account-manager/templates/misc/ajax.php
>
> 2018-02-13 13:31:39: LDAP Account Manager ( - 10.243.56.35) - DEBUG:
> Calling URL detected as
> https://anplam01.arinc.com/lam/templates/selfService/selfServiceSP.php?scope=user&name=BossNetReset&page=passwordSelfReset&language=en_US.utf8
>
> 2018-02-13 13:31:39: LDAP Account Manager (tvsjpf823khsvn4l4psql9dap6 -
> 10.243.56.35) - ERROR: Self service password reset: The answer to the
> security question is wrong for uid=mlc,ou=People,ou=ims,dc=arinc,dc=com.
>
>
>
> Thanks, Steve
>
>
>
> *From:*Roland Gruber [mailto:[email protected]]
> *Sent:* Tuesday, February 13, 2018 1:00 AM
> *To:* [email protected]
> <mailto:[email protected]>; Hannigan, Steve (SHANNIGA);
> [email protected] <mailto:[email protected]>
> *Subject:* Re: [Lam-public] Self Service Issue
>
>
>
> Hi Steve,
>
> please enable LAM's logging and check for the exact reason why the
> answer check failed:
>
> https://www.ldap-account-manager.org/static/doc/manual/ch03.html#conf_logging
>
> How many questions did you configure? Please note that when multiple
> questions are set up then all need to be answered.
>
> Best regards
> Roland
>
> On 12 February 2018 at 21:29:09 CET, "Hannigan, Steve (SHANNIGA)"
> <[email protected]> wrote:
>
> Good Day,
>
>
>
> I can’t seem to get the Self Service security questions to work.
>
> I’m concerned that the search string is not finding the appropriate
> attributes?
>
>
>
> Error Reports “The answer to the security question is wrong”
>
>
>
> I’ve played a little with what I believe to be the search string and get
> very little returned when attrs="* pwdaccountlockedtime aci" are added
> to the end of the search.
>
>
>
> Any ideas or suggestions would be appreciated.
>
> -Steve
>
>
>
>
>
> LDAP Account Manager PRO 6.2.1
>
> Platform is Redhat 7 with their Directory Server 10.1 and PHP 5.6 releases
>
>
>
> *Steve Hannigan*
>
> Sr System Administrator
> Information Management Services/BS/TS&O
> 2551 Riva Road, Annapolis, MD 21401 USA
> Phone:410-266-2306
> [email protected] <mailto:[email protected]>
>
> [email protected]
> <mailto:[email protected]>
> www.rockwellcollins.com <http://www.rockwellcollins.com/>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> Lam-public mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/lam-public
>
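An added example (not part of the original mails and not LAM code): a small Python check that pulls the objectClass values out of a debug dump like the one described at the top of this thread and reports whether passwordSelfReset is present with exact spelling, only in a different case, or not at all. The log excerpt and DN are constructed, and the print_r layout of the dump is assumed from the objectClass excerpt quoted in the mail.

```python
import re

REQUIRED = "passwordSelfReset"  # object class named in the thread

# Constructed sample log excerpt. The layout is an assumption based on the
# print_r style objectClass excerpt in the mail; host and DN are made up.
SAMPLE_LOG = """\
2018-02-14 09:00:00: LDAP Account Manager (abc - 192.0.2.10) - DEBUG: LDAP attributes for uid=jdoe,ou=People,dc=example,dc=com: Array
(
    [uid] => Array
        (
            [0] => jdoe
        )
    [objectClass] => Array
        (
            [0] => posixAccount
            [1] => inetOrgPerson
            [2] => passwordselfreset
        )
)
"""

def object_classes(log_text):
    """Return the objectClass values of the first print_r style dump found."""
    values, in_block = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if not in_block:
            # LDAP attribute names are case-insensitive, so match any spelling.
            in_block = bool(re.match(r"\[objectclass\]\s*=>\s*Array", s, re.I))
        elif s == ")":
            break  # end of the objectClass array
        else:
            m = re.match(r"\[\d+\]\s*=>\s*(.+)", s)
            if m:
                values.append(m.group(1).strip())
    return values

def check_object_class(values, required=REQUIRED):
    """Return ('exact' | 'case-mismatch' | 'missing', spelling as returned)."""
    if required in values:
        return ("exact", required)
    for v in values:
        if v.lower() == required.lower():
            return ("case-mismatch", v)
    return ("missing", None)

if __name__ == "__main__":
    print(check_object_class(object_classes(SAMPLE_LOG)))
```
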