LDAP - Reset passwordExpirationTime

Hello,
I am trying to use LDAP to modify a specific user's password in
e-directory and also resetting the passwordExpirationTime to its
original expiration length. I can change the password without a problem
but every time I attempt to modify the passwordExpirationTime attribute
it sets it to 0.
We are using E-Directory 8.8 SP5 and also have Universal Password
enabled. I believe this might be where the problem lays but I'm new to
the Novell and E-Directories infrastructures.
Before posting this thread I searched the forum and I found a few
things. One thing I did try was setting the time format in seconds
before 1970 instead of the YYMMddHHmmssZ format. When I did this I
received a LDAP "Constraint Violation" error. Any ideas? Thanks in
advance!
Tim Burrows
Application Developer
M.S. Kennedy Corporation
tburrows315
tburrows315's Profile: http://forums.novell.com/member.php?userid=85424
View this thread: http://forums.novell.com/showthread.php?t=410492

AFAIR this is native eDirectory behaviour. If an admin and not the user
himself modifies a password with expiration time, the expiration is set
to
01.01.1980 (which might be 'zero') for security reasons. So you have to
do two steps: First modify the passwort and close! (save that change)
that task. eDir will save the password and set the password to expired
by setting the expiration time to zero. In the second step, you modify
the expiration time.
HTH
Tom
What might work also is first disabling expiration time, changing the
password
and then reenabling expiration time.
bwisupport
bwisupport's Profile: http://forums.novell.com/member.php?userid=19240
View this thread: http://forums.novell.com/showthread.php?t=410492

Similar Messages

  • LDAP Reset Password

    Hi,
    How can i reset password of an user in LDAP from SAP.
    thank you

    Hi Joseph,
    I think U can acheve this by transaction LDAP.
    U could also check following link.
    /people/sap.user72/blog/2004/09/01/bsp-howto-fun-with-ldap-and-bsps
    Cheers
    Ankur
    Message was edited by: Ankur Jain

  • How to get the value of passwordexpirationtime at LDAP

    LDAP Gurus,
    I want to sent an email notification before user's password is expired, so I need get the value of attribute "passwordexpirationtime" for all the users.
    while I tried a lot of ways, but I can not see and get the value.
    e.g command and output of 1 user as follow
    ldapsearch -p 370 -h ldapserver.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=*
    dn: uid=user1,ou=People, dc=abc,dc=com
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    objectClass: posixAccount
    objectClass: shadowaccount
    givenName: John
    sn: Paul
    description: John Paul
    loginShell: /bin/bash
    gidNumber: 9042
    uidNumber: 9042
    uid: user1
    cn: John Paul
    gecos: John Paul
    homeDirectory: /export/home/user1
    Question:
    which ldap command and options can be used to get the value of attribute "passwordexpirationtime" for all the users.
    Environment:
    Sun Directory Server 5.2_Patch_4
    Thanks you in advance.

    Thanks your guys help first.
    1.we need send email notification to user before password expired as a lot of users not often login servers(UNIX) and they even can not get password expired prompt, these users are personal UNIX users, not service users. we need the value of passwordexpirationtime to do a script to send email.
    2. I tried these command you advised, while still can not get the value of passwordexpirationtime.
    1)ldapsearch -p 370 -h ldapserver1.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=* passwordexpirationtime
    dn: uid=d411,ou=People, dc=abc,dc=com
    dn: uid=user2,ou=People, dc=abc,dc=com
    2)ldapsearch -p 370 -h ldapserver1.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=passwordobject passwordexpirationtime
    ldapsearch -p 370 -h ldapserver1.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=passwordobject
    output is nothing.
    3.Enrique mentioned about passwordobject object class to have access to the passwordexpirationtime attribute. I am not sure if it has been
    granted/defined or not.while I check the DS GUI as follow(sorry I can not past screenshoot here, so I need describe as follow)
    when I go to DS server GUI, configuration->Schema and select "passwordobject" under Standard Object Classes(Read-Only), I can see there are "passwordExpirationTime" Under Allowed Attributes.
    if NOT, what I need do to grant the access (or through create custom object), how this will affect our ldap server as ldap server is very critical.
    4.I did above ldapsearch using unix root user, do I need use ldap directory manager user to do search, if so , how I can put manager username/password into ldapsearch command?
    Again thank all your help.

  • Reset Password of ldap Users

    Hi ,
    I am using Directory Server 5.2 Version. My query is:
    - How I can reset password of large number of users in Ldap.
    Help Required.
    TIA
    Nawaz

    Write an LDIF file that contains all the Modifications.
    You need to know the DNs of all the entries for which you want to reset the password.
    Then for each DN create a record (single line separation between the records)
    dn: cn=John,dc=example,dc=com
    changetype: modify
    replace: userPassword
    userPassword: changeme!
    dn: <another DN...>
    Regards,
    Ludovic.

  • How to reset all ldap users locale in ep7

    Hi all:
       We have ep7. Our ep7 ume is connected to Windows Active Directory.   However, all users's locale is empty. Can I reset all these user's locale to en, is there any place for configure the default locale in UME LDAP ?

    Hi
              Please check SAP Note Number: 684741.
    Cheers.
    Please award points for helpful answers.

  • Snow Leopard Server reset LDAP Admin password

    Hi,
    I have taken over the maintenance of a Mac Mini server. The previous persone left the Server Admin crudentials but no information regarding LDAP Admin.
    Could not find the information in the Keychain non of the known usernames and passowords work either.
    Any idea how to reset the LDAP Admin password?
    Thanks!
    Rogier

    The typical user created for managing Open DIrectory LDAP is Directory Administrator (diradmin), though it's possible to have a different user. 
    Launch Workgroup Manager and authenticate to the server, and have a look around for that user.   (If necessary, click Accounts head-and-shoulders icon on the top, and then the other head-and-shoulders icon.  This will get you to the accounts, and specifically to the users that are in Open Directory)
    If you find that user, or any other users that has a checkmark for "administer this server" for that matter, then those are the passwords you'll be changing. 
    If Workgroup Manager shows the user as locked, click on the padlock. 
    (All of this assumes that you have access to Workgroup Manager through some user that can administer the Open Directory server.  If not, then you'll want to ask your predecessor, or you'll be breaking into the database.)
    The password is on the same display as the user accounts.
    I'd strongly recommend getting a backup of everything before making any changes.  Boot the DVD installation disk, and use Disk Utility from the Utilities menu to create disk images to external disks from there.  Probably two copies, on two disks.  Mistakes here can be bad, and you'll want to have a good copy regardless.

  • Connection reset when obtaining Realms from LDAP provider

    Properties props = new Properties();
    props.put( "provider", JAZNProvider.Type.LDAP);
    props.put( "location", "ldap://<myoidurl>:389");
    props.put( "ldap.user", "cn=orcladmin");
    props.put( "ldap.password", "!<mypwd>");
    JAZNConfig cfg = new JAZNConfig(props);
    JAZNProvider prov = cfg.getJAZNProvider();
    Set realms = prov.getRealmManager().getRealms(); <---- causes following error
    Exception in thread "main" oracle.security.jazn.JAZNNamingException: The system is unable to communicate with the directory or naming service.
         at oracle.security.jazn.spi.ldap.LDAPContext.getSSLDirContext(LDAPContext.java:622)
         at oracle.security.jazn.spi.ldap.LDAPContext.getDirContext(LDAPContext.java:487)
         at oracle.security.jazn.spi.ldap.LDAPContext.getDefaultDirContext(LDAPContext.java:246)
         at oracle.security.jazn.spi.ldap.LDAPContext.getOrclRootCtxDN(LDAPContext.java:187)
         at oracle.security.jazn.spi.ldap.LDAPContext.getSiteJAZNCtxDN(LDAPContext.java:222)
         at oracle.security.jazn.spi.ldap.LDAPRealmManager.searchRealms(LDAPRealmManager.java:1087)
         at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealms(LDAPRealmManager.java:200)
         at client.JaznTest.<init>(JaznTest.java:41)
         at client.JaznTest.main(JaznTest.java:54)
    Caused by: javax.naming.CommunicationException: oidtest.ncdenr.org:389 [Root exception is java.net.SocketException: Connection reset]
         at com.sun.jndi.ldap.Connection.<init>(Connection.java:194)
         at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
         at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1578)
         at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2596)
         at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
         at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
         at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
         at javax.naming.InitialContext.init(InitialContext.java:223)
         at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
         at oracle.security.jazn.spi.ldap.LDAPContext.getSSLDirContext(LDAPContext.java:613)
         ... 8 more
    Caused by: java.net.SocketException: Connection reset
         at java.net.SocketInputStream.read(SocketInputStream.java:168)
         at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:284)
         at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:319)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:720)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
         at oracle.security.jazn.spi.ldap.JAZNSSLSocketFactoryImpl.init(JAZNSSLSocketFactoryImpl.java:228)
         at oracle.security.jazn.spi.ldap.JAZNSSLSocketFactoryImpl.createSocket(JAZNSSLSocketFactoryImpl.java:170)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at com.sun.jndi.ldap.Connection.createSocket(Connection.java:311)
         at com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
         ... 21 more

    The reset seems to happen after 5 minutes. Is there any network device in between 153.88.247.15 and the DPS? It could also be a idle timeout on the box or app on 153.88.247.15

  • Error resetting AD password LDAP: error code 19

    I am getting following exceptions when i try to reset the password of some users in some of my Active directories.
    please help me
    //set password is a ldap modify operation               
                   ModificationItem[] mods = new ModificationItem[2];
                   String oldQuotedPassword =
                        AD_PASSWORD_QUOTE + oldPassword + AD_PASSWORD_QUOTE;
                   byte[] oldUnicodePassword =
                        oldQuotedPassword.getBytes(AD_PASSWORD_ENCODE);
                   String newQuotedPassword =
                        AD_PASSWORD_QUOTE + newPwd + AD_PASSWORD_QUOTE;
                   byte[] newUnicodePassword =
                        newQuotedPassword.getBytes(AD_PASSWORD_ENCODE);
                   mods[0] =
                        new ModificationItem(
                             DirContext.REMOVE_ATTRIBUTE,
                             new BasicAttribute(
                                  AD_PASSWORD_ATTRIBUTE,
                                  oldUnicodePassword));
                   mods[1] =
                        new ModificationItem(
                             DirContext.ADD_ATTRIBUTE,
                             new BasicAttribute(
                                  AD_PASSWORD_ATTRIBUTE,
                                  newUnicodePassword));
                   TR.trace(
                        Trace.LEVEL1,
                        "changeADPassword",
                        "Start reset password for AD ");
                   // Perform the update of pasword.               
                   ctx.modifyAttributes(dnUser, mods);
    Unable to changePassword - Reason: com.ibm.swservices.websphere.registry.RegistryException: Could not change AD password. Reason: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 00000005: AtrErr: DSID-03190EFF, #1:
         0: 00000005: DSID-03190EFF, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd); remaining name 'CN=zxx22,OU=Test,OU=Clients,OU=Customer,DC=xxx,DC=xxx'
    faultActor: null
    faultDetail:
    javax.xml.soap.SOAPException: Unable to changePassword - Reason: com.ibm.swservices.websphere.registry.RegistryException: Could not change AD password. Reason: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 00000005: AtrErr: DSID-03190EFF, #1:
         0: 00000005: DSID-03190EFF, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd); remaining name 'CN=zxx22,OU=Test,OU=Clients,OU=Customer,DC=xxx,DC=xxx'
         at com.ibm.ws.webservices.engine.WebServicesFault.makeFault(WebServicesFault.java:156)
         at com.ibm.ws.webservices.engine.providers.java.JavaProvider.invoke(JavaProvider.java:294)
         at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:212)
         at com.ibm.ws.webservices.engine.handlers.WrappedHandler.invoke(WrappedHandler.java:61)
         at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:212)
         at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:212)
         at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:255)
         at com.ibm.ws.webservices.engine.transport.http.WebServicesServlet.doPost(WebServicesServlet.java:893)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code))
         at com.ibm.ws.webservices.engine.transport.http.WebServicesServletBase.service(WebServicesServletBase.java:341)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code))
         at com.ibm.ws.cache.servlet.ServletWrapper.serviceProxied(ServletWrapper.java(Inlined Compiled Code))
         at com.ibm.ws.cache.servlet.CacheHook.handleFragment(CacheHook.java(Compiled Code))
         at com.ibm.ws.cache.servlet.CacheHook.handleServlet(CacheHook.java(Compiled Code))
         at com.ibm.ws.cache.servlet.ServletWrapper.service(ServletWrapper.java(Compiled Code))
         at com.ibm.ws.webcontainer.servlet.StrictServletInstance.doService(StrictServletInstance.java(Compiled Code))
         at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._service(StrictLifecycleServlet.java(Compiled Code))
         at com.ibm.ws.webcontainer.servlet.IdleServletState.service(StrictLifecycleServlet.java(Compiled Code))
         at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.service(StrictLifecycleServlet.java(Inlined Compiled Code))
         at com.ibm.ws.webcontainer.servlet.ServletInstance.service(ServletInstance.java(Compiled Code))
         at com.ibm.ws.webcontainer.servlet.ValidServletReferenceState.dispatch(ValidServletReferenceState.java(Compiled Code))
         at com.ibm.ws.webcontainer.servlet.ServletInstanceReference.dispatch(ServletInstanceReference.java(Inlined Compiled Code))
         at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java(Compiled Code))
         at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java(Compiled Code))
         at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java(Compiled Code))
         at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java(Compiled Code))
         at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java(Compiled Code))
         at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java(Compiled Code))
         at com.ibm.ws.webcontainer.cache.invocation.CacheableInvocationContext.invoke(CacheableInvocationContext.java:116)
         at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java(Compiled Code))
         at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java(Compiled Code))
         at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java(Compiled Code))
         at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java(Compiled Code))
         at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:449)
         at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:912)

    It's most likely to be a password policy problem.
    If your Active Directory password policy is enforcing password history, minimum password length, minimum password age or password complexity, then this will raise the LDAP Error Code 19 (invalid attribute exception), with an Active Directory problem code of 1005.

  • RESET LDAP CONFIGURATION COMPLETLY

    I have a problem with my LDAP.
    It has the local address (127.0.0.1), and another that were an old Replica (192.168.1.254).
    I would like to remove this Replica address, to be able to redo it later.
    When I try to config my Replica, I have an error mensage that users are already in my server.
    So... I want to put my Server as Standalone and RESET LDAP.
    When I change from Master to Standalone, Replica LDAP persist in my WGM.
    Thanx any help.

    Hi,
    I didn't really gett the details. Are you using one machine or two machines?
    Also, when you handle these, give it some time to go thru. I have had problems with replicas appearing a bit too long. But they have dissapeared.
    Also, have a look directory in the directory settings on the involved machines. make sure to unbind and delete LDAP servers from the LDAP settings before you restart your process to set the servers up as master and replica again.
    If you need more - please give som more information...
    /tobias

  • Resetting passwords in AD LDS not honoring password history via Java ldap api

    I am trying to implement reset password functionality for accounts in Windows 2012 R2 AD
    LDS via java ldap api. But it is not honoring password history constraint. When I tried to implement change password it is enforcing password history. I am using the following code to reset password.
    @Override
    public void updatePassword(String password) throws LdapException {
    try {
    String quotedPassword = "\"" + password + "\""; 
    char unicodePwd[] = quotedPassword.toCharArray(); 
    byte pwdArray[] = new byte[unicodePwd.length * 2]; 
    for (int i=0; i pwdArray[i*2 + 1] = (byte) (unicodePwd[i] >>> 8); 
    pwdArray[i*2 + 0] = (byte) (unicodePwd[i] & 0xff); 
    ModificationItem[] mods = new ModificationItem[]{new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new
    BasicAttribute("UnicodePwd", pwdArray))};
    LdapContext ldapContext = (LdapContext)ldapTemplate.getContextSource().getReadWriteContext();
    final byte[] controlData = {48,(byte)132,0,0,0,3,2,1,1};
    BasicControl[] controls = new BasicControl[1];
    final String LDAP_SERVER_POLICY_HINTS_OID = "1.2.840.113556.1.4.2239";
    controls[0] = new BasicControl(LDAP_SERVER_POLICY_HINTS_OID, true, controlData);
    ldapContext.setRequestControls(controls);
    ldapContext.modifyAttributes(getRelativeDistinguishedName(), mods);
    } catch (Exception e) {
    throw new LdapException("Failed to update password for:" + this.getDistinguishedName(),
    e);
    Please let me know if I am doing anything wrong.

    Hi,
    I suggest you check password policy on the AD LDS server.
    If the server is under workgroup mode, then local password policy is applied; if it is domain-joined, domain password policy over-rides local password policy, you may also need to check if there is any PSO configured.
    More information for you:
    AD DS: Fine-Grained Password Policies
    https://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx
    Step 4: View a Resultant PSO for a User or a Global Security Group
    https://technet.microsoft.com/en-us/library/cc770848(v=ws.10).aspx
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Bulk password reset for ldap resource

    Hi
    I have configured 200 no of LDAP resources in my local IDM.but when I am trying to reset password of these resources by bulk action update
    using this command
    command,resourceType,resource,resourceAttributes[credentials].value
    Update,LDAP,openDJ11,password
    then I am getting the below error
    java.lang.IllegalStateException: Error attempting to decrypt: Input length not multiple of 8 bytes
    any suggestion will be apriciated. thanks in advance

    Hi dhurgan,
    Thanks for your response.
    Yeah firstly i was passing plain text but as the credentilas field of LDAP is of type "guided string" so it was gicing the above error.
    But when I try with the encrypted value then i am getting incorrect credentilas meggase because the encrypted value of a plain text
    is genarated dynamically.

  • LDAP user password "force reset" compliance.

    Sun JSWS 7.0
    Sun JSDS 6.0
    I have ACLs set up with an LDAP authentication database. When a user logs in and their password is in the warn before expire time frame they are redirected to the URL defined by "Redirect URL" in the "Edit Authentication DB" web server GUI menu. This is (from what I can tell) the proper behavior.
    Here is the issue- when we create a new user we have an LDAP password policy which is supposed to force the user to change their password at first log in. However, the web server does not seem to comply with this policy and simply allows the user to log in. Is there a way to to configure the web server to send the user to the change password page in this case?
    Thanks,
    Jess

    Theoretically I think it should work I will have to test it. Can you check LDAP Server logs and tell me what's happening?
    Currently Sun Java System Web Server 7.0 redirects you to a URL provided when passwords
    1) are about to expire (LDAP Server returns LDAP_CONTROL_PWEXPIRING ) or
    2) have expired (LDAP Server sends LDAP_CONTROL_PWEXPIRED).
    This page is set by administrators to either communicate to users that their password will expire soon (and possibly offer ways to renew it). The way to set this is in the auth-db configuration (see server.xml) may have an optional element <auth-expiring-url> its value must be a URL.
    When LDAP server returns LDAP_CONTROL_PWEXPIRED control, user is not authenticated in Web Server (hence will be DENIED access to resources which have ACLs that allows access only to authenticated users).
    However when LDAP server returns LDAP_CONTROL_PWEXPIRING, user is authenticated in Web Server (hence will be ALLOWED access to resources which have ACLs that allows access only to authenticated users).
    According to the documentation LDAP server should return LDAP_CONTROL_PWEXPIRED in case the use is logging in the first time
    http://www.mozilla.org/directory/csdk-docs/controls.htm#use_pwd_policy

  • Ldap programming: Admin Reset Password Attribute

    Hi,
    I would like to write a program to reset the user password by a administrator such that the user will get a return code 2 "password is reset by admin" to notify the user to change his password.
    I know attribute password of a user in Directory Server store the password, but I dont know which attribute contain information about "admin had reset the user pasword".
    I got trobule for this question for a few day, hope I could got the answer here. Thz

    The following is an example showing you how to cacth the server control in password expired respective:
    LDAPControl[] ctls = ld.getResponseControls();
              if (ctls != null) {
                   for (int i=0; i<ctls.length; i++) {
                        if (ctls[i] instanceof LDAPPasswordExpiredControl ) {
                             status = PASSWORD_EXPIRED;
                             break;
                        else if (ctls[i] instanceof LDAPPasswordExpiringControl ) {
                             LDAPPasswordExpiringControl c = (LDAPPasswordExpiringControl)ctls;                         
                             status = c.getSecondsToExpiration();
                             break;

  • LDAP import users - restrictions reset after user logs in

    Using ice I imported my users in to a container with a password. With admin rights I checked
    Required a password
    Force periodic password changes
    Required password changes
    Limit grace logins
    User logs in all fields return back to unchecked.
    I gave NDS rights WRITE & add self to the container with inheritable.
    What else do I need to manage users accounts?

    On Wed, 30 Nov 2011 19:56:02 +0000, dcampisi wrote:
    > Using ice I imported my users in to a container with a password. With
    > admin rights I checked
    > Required a password
    > Force periodic password changes
    > Required password changes
    > Limit grace logins
    >
    > User logs in all fields return back to unchecked.
    If you have a password policy (Universal Password), then those attributes
    are updated to reflect the values from your policy when the user logs in.
    You cannot change them to something other than what the policy is
    configured for, they revert back as the policy is enforced.
    David Gersic dgersic_@_niu.edu
    Novell Knowledge Partner http://forums.novell.com
    Please post questions in the forums. No support provided via email.

  • Cisco Unity Connection ViewMail Password manual reset after LDAP change

    Unity Connection 8.5.1, Viewmail 8.5.4 and Exchange 2010 with 2008 AD
    We are migrating to Unity Connection from Unity 7.0.2 and have discovered that when we change our passwords in AD (scheduled every 40 days) this does not get synchronized with viewmail.  Users then receive an error indicating the user ID or password is incorrect and then call the helpdesk to find out where to change this setting.  Has anyone found a way around this.  It is becomking a huge issue with 1200+ employees. 
    Hopefully it is on a roadmap for cisco as well?
    Thanks
    Liz

    'its really a different user experience' you are telling me!!!
    I like the other features that 8.5 brings but the outlook viewmail single sign on design fault is a big mistake. It even effects cupc client as you have to  update the voicemail password in their...
    I did read all the documentation carefully, it doesnt mention that the passwords do no sync. From a end user point of view, this is a disator. 95% of our users manage the voicemail through outlook, if the password doesnt update in viewmail then they can not retrieve their voicemail.
    anyway, i ve spent alot of time and money building the new connection server, but i have no option but to stick to our unity 5 solution. Luckily i noticed this before i changed/migrated people groupwide.
    Thanks a million Cisco, I now have to explain this to our IT director....

Maybe you are looking for

  • Function modules in CRM (read Business Partner attributes)

    Hi, I would like to print a document in wich will be Business Partner attributes and other crmdata. Does anybody know how I can read the Business Partner marketing attributes. Can I use for this some function modules or else? Are there some documenta

  • Removing leading path in the akRegionCode=

    I have create a new page UIX(XML) page. I have deployed it to the middle teir. I am able to view it (e.g. http://uri2.ddd.com:8888/OA_HTML/OA.jsp?akRegionCode=/ddd/oracle/apps/ar/irec/accountDetails/RECONCILE_PAGE&akRegionApplicationId=222&dbc=upg3&I

  • Workflow engine VS Business process engine

    Hi guys, Need some information about the BPE of PI CCBPM and workflow engine of SAP business workflows, are they same ? Regards chandrakanth.k

  • Launch Copy Package for OWNERSHIP app from within the FINANCE app

    Is it possible to launch the standard COPY package from within another application? My case is: I have an OWNERSHIP application with the standard dimensions ENTITY,TIME,CATEGORY,OWNACCOUNT,INTCO. I would like to copy my ownership data from one period

  • Life time of the java MAP

    I want a map / list in my java application that should remain in memory until the lifetime of the application. Suppose if the application's life time is1 year then the specified MAP should also remain in memory for 1 year. I am using JDK1.3. In jdk1.