Issue with Lockout Duration in Password Policy in OAM

Hi,
We are facing an issue with the lockout duration configuration in the password policies in the identity manager interface for our OAM setup.
Oracle Access Manager 10g version 10.1.4
User/Policy Store: ADAM Ldap [Microsoft ADAM 2003]
After we lock out a user in our LDAP after 5 wrong attempts, the two attribute values in ADAM get updated to 5:
oblogintrycount
badPwdCount
Also I see that "oblockouttime" gets updated with a Unix timestamp.
Now, we have set the "Lockout Duration" in the password policy as 1 hour. So, after 1 hour, the user should be unlocked in ADAM.
However, after 1 hour when the user tries to login, he/she gets the error that a wrong password has been entered for the userID.
When we check in ADAM, we see that the value of "oblogintrycount" was indeed reset. However the value of "badPwdCount" did not get reset and is still stuck at 5.
If we reset both these attribute values to 0, the user can login again.
Now, is OAM expected to reset both these attribute values to 0, or does it only reset the oblix attributes?
If it is the latter, is there a way around to resolve this issue? Or are we doing something wrong here?
Please let us know your feedback.
Thanks!
Abhishek.

OAM only works with the ob* attributes, and not with the badPwdCount attribute of the AD (ADAM). I think for some reason the password and account policies of the AD are being triggered. Disable the AD password policy and it will be OK.
Hope this helps. Let us know.
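
The state described in this thread (oblogintrycount reset while badPwdCount stays at the lockout threshold) can be looked for across a directory export. This is an added example, not part of the original posts: it assumes a plain-text (non-base64) LDIF export, and the sample entries, DNs and function names are constructed for illustration.

```python
# Added example: flag entries whose OAM counter was reset while the
# directory's own badPwdCount is still at or above the lockout threshold.
LOCKOUT_THRESHOLD = 5  # from the post: lockout after 5 wrong attempts

# Constructed sample export (DNs and values are made up for illustration).
SAMPLE_LDIF = """\
dn: cn=alice,ou=users,dc=example,dc=com
oblogintrycount: 0
badPwdCount: 5
oblockouttime: 1300000000

dn: cn=bob,ou=users,dc=example,dc=com
oblogintrycount: 5
badPwdCount: 5
oblockouttime: 1300003000

dn: cn=carol,ou=users,dc=example,dc=com
badPwdCount: 0

dn: cn=dave,ou=users,
 dc=example,dc=com
badPwdCount: 7
"""


def parse_ldif(text):
    """Parse plain LDIF into a list of {lowercased attr: [values]} dicts."""
    # Unfold continuation lines: a leading space continues the previous line.
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded and unfolded[-1]:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded:
        if not line.strip():          # blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):      # LDIF comment
            continue
        attr, sep, value = line.partition(":")
        if sep:
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def counter(entry, attr):
    """Integer value of a counter attribute; 0 if absent or non-numeric."""
    try:
        return int(entry.get(attr.lower(), ["0"])[0])
    except ValueError:
        return 0


def stuck_accounts(entries, threshold=LOCKOUT_THRESHOLD):
    """DNs where OAM's counter is below the threshold but badPwdCount is not."""
    return [e["dn"][0] for e in entries
            if "dn" in e
            and counter(e, "oblogintrycount") < threshold
            and counter(e, "badPwdCount") >= threshold]


if __name__ == "__main__":
    for dn in stuck_accounts(parse_ldif(SAMPLE_LDIF)):
        print("badPwdCount still at threshold:", dn)
```

An entry that is still inside its OAM lockout window (both counters at 5, like the constructed `bob` entry) is not reported; only entries that OAM treats as unlocked are.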

Similar Messages

  • Any issue and/or advice with activation of global password policy (10.9 osx server) ?

    Hi Pro,
    I have an OD domain (10.9.1 server) with 20 users using mobile account (10.9.1 OS X) authentication. I'd like to enable a global password policy, and I'm curious what actually happens when I add some policy in Server Admin > Open Directory > gear > edit global password policy?
    If I set a "reset every 45 days" option, is that from the time the policy is enabled, or from the time the user account was created?
    Any issue with Keychain?
    If I set a "must have one letter" or "numeric character", etc., and the user doesn't currently have a password that matches these criteria, will they be forced to set a new password immediately, or the next time one is initiated, or will the account be disabled?
    I'm just trying to prevent any bad experience for the users.
    Thanks

    Hi,
    The 45 days will start from the moment you enable that setting for all active users, and will start whenever you create a new OD user.
    There won't be any issues with Keychain, it will be updated when a new password is set. On that specific day when they log in or restart, they need to choose a new password. Keychain will update automatically.
    The new policy will start working after the 45 days have been set. After 45 days that policy will be enforced, not before, users can continue to work with a less secure password. About 10 days before that deadline or earlier they will get an option in their login screen to renew their password because it will inform them it will expire soon.
    You might want to notify all users of a new password policy when you set it and then inform them again about a week before it will expire. That will ensure a smooth transition...
    Good luck!
    Jeffrey

  • Issues with changing Apple Mail password!?!

    I just tried changing my Apple Mail password in the Mail Preferences window, within the incoming mail server "password" field. I saved my changes, and now every 2-5 minutes I get an error message telling me to enter my mail password in the pop-up field. I do so, and then I get the error message again 2-5 minutes later!! What's going on here??
    I'm also not receiving incoming mail now...
    Please let me know if you have a solution!

    Sounds like a keychain issue.
    Try this:
    Go to Utilities > Keychain Access and delete all entries relating to that mail account.
    In the Keychain Access menu, do Keychain First Aid. Enter your password, pick repair, and click start.
    Go back to Mail and delete that account (don't just inactivate it, delete it).
    I don't know if a restart is necessary at this point, but it wouldn't hurt.
    Go back to Mail and recreate the account.

  • I'm having issues with my email and password not working?  Any help on this matter?  I would really like to start using my new iPad!!!

    I can sign in on the computer, but not on my ipad???  What's wrong?  Help!

    Thanks for your help.  I had already done the "forget this device" but had forgotten about the part of entering the passcode with the keyboard in order to pair.  I found my instruction sheet after I posted my cry for help and when I did the pairing procedure right, it worked.  It's weird that it decided to unpair itself.  Both my husband and our daughter have the same keyboard and neither of them have had this happen.  At least now I know what to do if it happens in the future.

  • Start Up Issue with user name and password

    I have just received an iPhone. I managed to put in an email address incorrectly so I can't get into apps etc. How do I correct this?

    NO !!
    If I have helped at all, a click on the White Star is always appreciated :
    you can also help others by marking 'accept as solution' 

  • Reset Password policy rules

    Hi all -
    Anyone know how we can get the characters 1,0 I, L, O, B, 8, Z, 2 to be removed from the random password generator (as they may cause a problem especially for users with sight problems)?
    Password policy doesn't seem to prohibit specific letters or allow you to customise for the reset password case.
    Thanks
    --Calum

    Calum,
    The "password policy" settings have an option to specify "Must not contain words". Did you try specifying the letters in there?
    Alternatively, you can write your own random password generator rule and if the generated password contains any of those above characters then issue a fresh one, else use it.
    HTH
    Suvesh Sharma
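
A custom generator along the lines suggested in the reply above, as an added example that is not part of the original posts. Instead of generating and retrying, it removes the listed characters from the alphabet before sampling, so no retry loop is needed; the function names, default length and the one-character-per-class rule are assumptions made for illustration.

```python
import secrets
import string

# Characters the post asks to keep out of generated passwords.
EXCLUDED = set("10ILOB8Z2")


def build_alphabet(excluded=EXCLUDED):
    """Letters and digits minus the excluded characters, grouped by class."""
    classes = {
        "upper": string.ascii_uppercase,
        "lower": string.ascii_lowercase,
        "digit": string.digits,
    }
    return {name: "".join(c for c in chars if c not in excluded)
            for name, chars in classes.items()}


def generate_password(length=12, excluded=EXCLUDED):
    """Random password with at least one character of each class and
    none of the excluded characters."""
    classes = build_alphabet(excluded)
    if any(not chars for chars in classes.values()):
        raise ValueError("exclusion list empties a whole character class")
    if length < len(classes):
        raise ValueError("length too short to cover every character class")
    everything = "".join(classes.values())
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in classes.values()]
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not
    # always in the first three positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    print(generate_password())
```

Removing nine characters shrinks the alphabet from 62 to 53 symbols, which costs roughly 0.23 bits of entropy per character; one extra character of length more than makes up for it.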

  • OAM Password policy not working.

    Hi All,
    I am configuring a password policy in OAM which enforces the user to reset his password at first login. OAM is using OID as user store and I have added oblix password related objectclasses to OAM schema. OIM is used to provision all users to OID. I have also enabled the Checkbox Change on Reset in password policy.
    I have also made certain attributes visible in OAM user manager such as obpasswordchangeflag, oblastsuccesfullogin, oblastfaillogin, etc.
    Once the user is created in OID through OIM, the values for attributes obpasswordchangeflag, oblastsuccesfullogin, oblastfaillogin are empty.
    Case1: obpasswordchangeflag attribute value is empty for user say oamtestuser. oamtestuser logs in to OAM protected application with default password provided in OIM. I could see the oblastsuccesfullogin attribute value updated in oamtestuser profile as expected. Similarly oblastfaillogin value also got updated for failed login as expected.
    Case2: obpasswordchangeflag set to true manually in user profile for oamtestuser. oamtestuser logs into OAM protected application with default password. Upon submit, user is redirected to the change password page, which prompts the user to enter current password and new password. Upon submit, user will be shown another page with a back button. Upon clicking the back button, user is asked to log in to the application once again with the new password. Upon submit, user is shown the change password page again instead of being logged in to the application with the new password. I have noticed that the obpasswordchangeflag attribute value is still set as true.
    Case3: After executing Case2, even after modifying the obpasswordchangeflag value to false or making it empty, the attribute values of oblastsuccesfullogin and oblastfaillogin are not getting updated accordingly.
    Please let me know if you have any clue on this.
    This is really urgent. Would appreciate quick help.
    Thanks.
    Mahendra.

    Hi Sagar,
    Thanks for the response.
    Another major update: When we tried creating user using OAM workflow, the obpasswordchangeflag got true value by default and password change functionality worked as expected. So it is obviously an issue with provisioning user through OIM. We manually created an attribute obpasswordchangeflag and provisioned a new user with value as true but still the user profile in OAM User Manager for attribute obpasswordchangeflag is empty. This means that there needs to be some mapping which we are missing i.e., an attribute in OIM has to be mapped correctly with OID attribute obpasswordchangeflag .
    So we are searching for this mapping stuff. Do you have any other opinion on this?
    Thanks
    Mahendra.

  • Issue with optional prompt

    Hello,
    We have a universe built on top of a bex query and it has a couple of optional prompts prebuilt with the help of variables in the bex query. My understanding is that when there is an optional prompt the lov is not generated unless the user manually clicks the refresh lov button on the prompt window. This is how it works in the webi report I built on the universe. But when I use the same webi report as a live office component in the xcelsius dashboard, the lov's are generated ignoring the <optional> prompt, which is causing a lot of delay refreshing the dashboard. This happens only when I have the connection in the universe set to use SNC (Single Sign On). I don't see any issue with a hardcoded username and password.
    Any thoughts?
    any thoughts?
    Thanks
    Ram

    Ingo
    >> What exactly you mean here that a list of values is being generated ? a list of values doesn't show up automatically in Xcelsius for the dashboard - it needs to be created / designed as part of the Xcelsius design.
    When I have a prompt with the <optional> tag in the universe, the webi report or xcelsius should not request new lov's from the database; it should only use the lov's available in cache.
    But in my case I am using an SSO connection in the universe. When SSO is turned ON the lov's from cache can't be used. The webi report is not requesting lov's from the database when there is no cache or when the cache is off, which is correct, but the live office plugin in xcelsius is requesting new lov's from the database every time I refresh a connection.
    In xcelsius we are not using any list of values. I don't think lov's are useful in an xcelsius dashboard as we can't see the prompt window in the flash mode.
    Thanks
    Ram

  • Apply password policy to all users

    Hi,
    I have been poking around with setting up a password policy on Sun DS 6.3.1. Everything works ok but I only have seen examples of how to apply the password policy to a single user, with an ldif something like:
    dn: uid=pepe,ou=People,dc=mycompany,dc=com
    changetype: modify
    replace: pwdPolicySubentry
    pwdPolicySubentry: cn=MyPolicy,dc=mycompany,dc=com
    but I haven't figured out how to apply it to all users or to a group of users. What I would like to do is to apply the policy to all users under ou=People,dc=mycompany,dc=com.
    Any tips ?
    Thanks in advance.

    For all users, simply modify the global password policy.
    For specific group of users, create a password policy and a Class of Service which links the users to the policy. Just search the directory server docs on how to do that in details.

  • Password Policy creation error: Incorrect Domain Name

    Hi folks,
    I'm getting rather strange error ("Incorrect Domain Name") while trying to create a new Password Policy in OAM to enable user account lockout. I provide a name for the Password Policy, and use simple Policy Domain I've created as "Password Policy Domain", plus some basic values. I realize it's something simple, yet I cannot figure why the domain name would be incorrect.
    Any help is greatly appreciated.
    Thank you
    Roman

    In the password policy domain field you have to enter the base dn for the user to which this policy will be applied. something like ou=users,dc=company,dc=com
    Check the directory profile of the user store.

  • Provisioning issues with password changes

    I have installed and configured IDM7.1+sp3 with our AS Java portal. Most features seem to work OK, except:
    1.1. Changing fullname, display name, address, etc work - but salutation or title info doesn't display correctly (only when language independent).
    1.2. Can lock the user - but not unlock.
    1.3. Can change password (self service or via Management tab) - but password "disappears" and user can't login again via the UI or directly thru the LogonGUI.
    1.4. If the user's password expires, he gets prompted to change it - this change works fine.
    After "devouring" all the documentation I could find... I read in the Release Notes the following:
    2.1. Users are authenticated by the SAP NetWeaver AS Java (and not by the Identity Center). The password policy of the Identity Center is not used.
          = enabling or disabling "password provisioning" in the Password Policy tab makes no difference then?
    2.2 The login task does no longer exist since the authentication is done by the SAP NetWeaver AS Java (UME).
          = ok I get this part...
    2.3 Change of password is handled by SAP NetWeaver AS Java (UME) and the change password task is no longer available.
          = so the Password Reset tab is also "pointless"?
    2.4 A user's MSKEYVALUE is used as the UME logon ID.
          = right
    2.5 Password reset is handled by SAP NetWeaver AS Java. See SAP NetWeaver Identity Management Identity Center Implementation Guide – Self-service password reset for details
          = (what should I do with this?) I did get this working but stopped with some error about the "encrypt password".
    My SAP landscape is pretty standard (no custom fields/attributes) - so the IDM Provisioning framework should work "out of the box" - in my understanding...
    Any ideas?
    Sorry about the multiple postings - issue with proxy server. Pls ignore/remove the extras.

    Hi.
    I try to give some answers based on my experience below:
    1.1. Changing fullname, display name, address, etc work - but salutation or title info doesn't display correctly (only when language independent).
    >> Have you checked that the user has correct language set in Java UME? Also check that in Presentation page of the corresponding Attribute the Display name parameter is set with corresponding languages used.
    1.2. Can lock the user - but not unlock.
    >> Can you see any errors e.g. in Job Log? Would help to solve the issue
    1.3. Can change password (self service or via Management tab) - but password "disappears" and user can't login again via the UI or directly thru the LogonGUI.
    >> The reason might be the encryption of the password. Typically the UI should take care of encrypting the password into the MX_ENCRYPTED_PASSWORD attribute, especially when you're implementing tasks like Self Service Password Reset. I've noticed that when I disabled the Enable Password Provisioning option for the Identity Store, I got rid of the error regarding attribute MX_ENCRYPTED_PASSWORD and UI automatic encryption started to work. (In my case two way pwd provisioning is not needed.) Otherwise, if you have issues with the encrypted password in your custom tasks, check whether the value is encrypted and use java script to encrypt the password when reading the value from the UI field and saving it to the MX_ENCRYPTED_PASSWORD attribute, if applicable.
    Hopefully this helps you even a bit.
    Br. Jukka

  • OAM 10g Reset Password Issue in Password Policy Management

    Hi,
    We are using OAM 10g and we have configured password policy for our application with selecting "Change on Reset" Check Box.
    We have created new user in create user identity tab and when we are logging with new user for the first time, it is not redirecting to the reset password page.
    Can someone shed light on this issue?
    Thanks,
    Ganesh

    Hi Colin,
    As you said, We have configured obpasswordchangeflag in Create User Workflow by setting the default value true.
    We have created new user in create user tab and checked in LDAP Browser as it is showing obpasswordchangeflag =true in newly created user's profile.
    Now, when we are trying to login with new user, it is still not redirecting to the Reset Password Page.
    Please find below the URL which we have configured in Password Policy Change Redirect URL:
    /identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd&login=%loginid%%userid%&backURL=%HostTarget%%RESOURCE%&STLogin=%applySTLogin%&target=top&style=style1
    Can you please help me on this issue?
    Thanks,
    Ganesh

  • Issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login

    issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login

  • How do you apply the same password policy to every PDF document you create with inDesign?

    All,
    Adobe peeps!,
    I don't know if this is really supported with inDesign 5.5, but here is my my use case:
    I constantly create more than 10 PDFs a day using inDesign
    On all PDFs I create, I want to apply password security to protect them
    But in order to do so, within inDesign, I am always forced to go to the "security dialogue" pane to set up the same permission and passwords over and over again
    This gets tiring :/
    So what I am hoping to do is  the following:
    Like acrobat, I want to create a password policy within inDesign
    I want all PDFs created to have such a password policy  be automatically applied
    I know acrobat supports something like this (http://help.adobe.com/en_US/acrobat/pro/using/WS58a04a822e3e50102bd615109794195ff-7d68.w.html), but, unless I may have missed something, the Acrobat feature is limited. That is, the help link does not tell me how to automatically do this with Acrobat either (the link does not explain to me how to "automatically apply the same password security policy to every PDF document I save within the application"). I think the only way to do so is via "Adobe LiveCycle Rights Management ES", but for non server users, I am hoping there is another way.
    So my questions are:
    Is it possible to create password security policies in inDesign?
    Is it possible to apply the same password security policy to every PDF I create in inDesign?
    If not, can I change default settings within Acrobat ProX to automatically apply a password security policy everytime I save a PDF?
    If all fails, do you guys know of any extensions that can support this?
    Any help would be great. Thanks!

    Steve,
    Thanks for your notes. To follow up on your response.
    Bummer. I kinda had a hunch at this inDesign limitation.
    I have been aware of the method for setting up a security policy within Acrobat. While this feature does cut down some of the work involved in creating and applying password policies to PDFs, what I am looking for with Acrobat is to apply the same password policy to every document I save from the app. Automatically. Without having to manually select a policy.
    I think my solution will have to lie in me creating some sort of script to help support this need. I don't think Acrobat Pro X has the capabilities to allow me to tinker with, say, creating a save PDF preset that will allow me to automatically apply a password policy.
    PS. I am using acrobat pro x.

  • I'm trying to connect to my home wifi with my imac gh5. After I enter the password it says connection timeout or password incorrect. I know there's no issue with the connection but I don't know what else to do. Does anyone know how to fix this problem?

    I'm trying to connect to my home wifi with my imac gh5. After I enter the password it says connection timeout or password incorrect. I know there's no issue with the connection but I don't know what else to do. Does anyone know how to fix this problem?

    What is the make & model of your home Wi-Fi router that you are attempting to connect your G5 iMac to? Which exact model of iMac do you have?
    What wireless security type is your router using: WEP, WPA, or WPA2? If you temporarily disable wireless security, can the iMac connect to it now?
