aoktox / pwm Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/pwm
Automatically exported from code.google.com/p/pwm
What steps will reproduce the problem?
1. Open ConsoleOne
2. Check Properties of any user
3.
What is the expected output? What do you see instead?
Should be no errors, instead I get Error Message: CLASS_NOT_DEFINED
What version of the product are you using? On what operating system?
PWM Release v1.4.3, On SLES 11
Please provide any additional information below.
Error mentioedn above only cropped up after importing edirectory-schema.ldif
Original issue reported on code.google.com by [email protected]
on 17 Jun 2010 at 8:52
Current configuration (as of b914) allows configuring shortcuts to be
presented to users based on ldap search query.
Enhancement is to present shortcuts based on values within an http header.
Whereas a header may be present such as:
X-PWM-Shortcut.1=http://www.google.com;;;Google;;;Google Search
PWM could be configured to look for headers (X-PWM-Shortcut.1 in this
example), and present shortcuts based in the header.
Original issue reported on code.google.com by jrivard
on 4 Jan 2010 at 8:45
Hi,
this is not an issue but two questions about PWM :
1) How do you configure LDAP's server failover ?
2) If you do not intend to use questions/answer, do you really need to
extend eDirectory schema ?
I mean can PWM password change work without schema extension ?
Well, thanks for your help !
Original issue reported on code.google.com by [email protected]
on 2 Mar 2010 at 1:31
What steps will reproduce the problem?
1. Go on the login page
2. Activate Caps Lock
3. Type your password
What is the expected output? What do you see instead?
CapsLocks warning should be displayed if caps lock is on and a key is
pressed
--> "Error on page" is displayed in ie8
What version of the product are you using? On what operating system?
PWM v1.4.3 b922
Original issue reported on code.google.com by [email protected]
on 9 Feb 2010 at 9:52
What steps will reproduce the problem?
1. Enable and configure "New User Registration"
2. New User Registration is available to anyone
What is the expected output? What do you see instead?
Currently New User Registration is available to anyone. We'd like to add
options to allow New User Registration only to certain registered users.
What version of the product are you using? On what operating system?
Revision 110, any OS.
Please provide any additional information below.
We'll provide some new code. We'll add options to PwmSettings.java for:
* Requirement to authenticate (Boolean)
* Group DN that is allowed to register new users
* Attribute used to register the (responsible) logged in user
We'll add code to NewUserServlet.java/processRequest(...) in order to check for
authentication, group membership, and set the attribute value, use the logged
in user's credentials for LDAP communication (in stead of proxy user).
We'll add new variables to PwmSettings.properties to define the form changes.
Am I forgetting something?
Original issue reported on code.google.com by [email protected]
on 27 Feb 2011 at 9:52
What steps will reproduce the problem?
1. User begins account activation and successfully completes stage 1
2. Users "activated" flag is set.
3. User allows their session to timeout before setting a password.
4. Password is still set to the temp value generated by PWM.
5. User is stuck with a useless account.
What is the expected output? What do you see instead?
PWM verify that FULL activaction took place before setting the activated
attribute? Remove temporary password if user is hald activated.
What version of the product are you using? On what operating system?
PWM 1.5.1 redhat linux el5.4 + tomcat6
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 23 Aug 2010 at 6:32
It would be beneficial to add a configuration option to disable DNS resolution
of the requestor IP.
This would be useful for performance tuning. Also for deployments where an
intermediate reverse proxy/access gateway masks the real requestor IP (and
x-forwarded-for isn't used)
What steps will reproduce the problem?
1. Attempt to access PWM from a host with an IP that the PWM server cannot
resolve to a DNS name.
2. Observe a significant delay in establishing a session with (in our
deployment this was between 10-15 seconds)
What is the expected output? What do you see instead?
1. No delay in establishing a session & no hostname resolution in the logging.
What version of the product are you using? On what operating system?
PWM 1.5.2, Windows 2003 Server, Java 1.6, Tomcat 6
Please provide any additional information below.
The DNS resolution is currently implemented in SessionFilter.java
// mark the user's hostname in the session bean
ssBean.setSrcHostname(readUserHostname(req, pwmSession));
Original issue reported on code.google.com by [email protected]
on 4 Feb 2011 at 10:04
We used to have specific NMAS options for challenge.storageMethod.
Now it is limited to PWMTEXT and PWMSHA1.
Is it safe to assume that NMAS is automatically implied
whenldap.edirectory.enableNmas=true?
This is not documented in the history.
Original issue reported on code.google.com by [email protected]
on 11 Jan 2010 at 6:58
What steps will reproduce the problem?
1. Click on Setup Password Responses
2. Log in
3.
What is the expected output? What do you see instead?
Rather than allow me to enter responses and then confirm/save them, instead
when it bring me to the page to enter questions/responses I see an error
"Unable to communicate with server. Continue when ready.". If I enter
responses and then click Save Responses it just dumps me back to the login
screen
What version of the product are you using? On what operating system?
latest release of pwm, on sles 11
Please provide any additional information below.
This cropped up after I set a test user to allow them to right to the
pwmResponseSet attribute. Before I changed that it would allow me to enter and
save responses but would also give an unknown error when trying to write to
ldap source.
Other aspects of pwm seem to work fine (change password or forgot password)
Original issue reported on code.google.com by [email protected]
on 18 Jun 2010 at 5:25
PWM v1.5.0
What steps will reproduce the problem?
1. Default PWM Configuration
2. LDAP user with no "mail" attribute
3. Activate a user.
PWM Crashes with an NPE:
2010-07-12 18:46:56, WARN , servlet.TopServlet, {47,zz} unexpected exception
during page generation: null [0:0:0:0:0:0:0:1]
java.lang.NullPointerException
at password.pwm.servlet.ActivateUserServlet.sendActivationEmail(ActivateUserServlet.java:308)
at password.pwm.servlet.ActivateUserServlet.processRequest(ActivateUserServlet.java:161)
at password.pwm.servlet.TopServlet.handleRequest(TopServlet.java:75)
at password.pwm.servlet.TopServlet.doPost(TopServlet.java:117)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at password.pwm.CaptchaFilter.doFilter(CaptchaFilter.java:56)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at password.pwm.SessionFilter.doFilter(SessionFilter.java:257)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:619)
Original issue reported on code.google.com by jrivard
on 12 Jul 2010 at 10:47
What steps will reproduce the problem?
1. Deploy new installation
2. Open configuration editor
3. Select "show all settings"
What is the expected output? What do you see instead?
Expected: config editor with ALL settings available
Got: back to main screen of the configuration manager
What version of the product are you using? On what operating system?
Revision 110, Tomcat 6 on Mac OS X
Please provide any additional information below.
Saving the configuration enables the advanced configuration.
Original issue reported on code.google.com by [email protected]
on 28 Feb 2011 at 7:10
What steps will reproduce the problem?
What is the expected output? What do you see instead?
Passward changed successfully
What version of the product are you using? On what operating system?
apache-tomcat-7.0.2,PWM v1.5.1,eDirectory 8.8
Please provide any additional information below.
I installed apache tomcat 7.0.2 in eDirectory server & deployed pwm.war file in
specified location.
i have imported ldif file edirectory-schema & edirectory-rights successfully in
eDirectory
After completing the configuration using the configuration editor
http://10.240.111.144:8080/pwm/private/ChangePassword
i tried the above url to change the user password i can able to login into
change password
After entering new password i am getting "Unknown error. If this error occurs
repeatedly please contact your helpdesk".
i even tried with the Auto-generate a new password it ended with same.
I followed the administrator document for installation.
I might did mistake in configuration.
Could you please help me to find out mistake.
I have attached my pwm config file.
also attached catalina log file
Original issue reported on code.google.com by [email protected]
on 28 Sep 2010 at 1:43
Attachments:
What steps will reproduce the problem?
1.I have configured Forgotten Password & Setup Responses in my environment.
2.User in eDir try to access his Forgotten password
3.entered user name (user name present but yet to setup response)
4.I am getting ""The username is not valid or does not have a configured
response "
What is the expected output? What do you see instead?
If the User is valid,he has to redirected to Set Challenge Response
What version of the product are you using? On what operating system?
1.5.2
Please provide any additional information below.
Please help me to come from this issue .
Original issue reported on code.google.com by [email protected]
on 7 Dec 2010 at 4:25
What steps will reproduce the problem?
1. Configure zero required responses (a single blank line in ConfigManager)
2. Make sure no eDirectory policy supplies a required response (eDirectory -
Read Challenge Set == false)
3. Login and access SetupResponses page
v1.5.0 shows an extra input form above the random responses. Only the random
questions should be show.
Worked in previous version.
Original issue reported on code.google.com by jrivard
on 12 Jul 2010 at 10:20
What steps will reproduce the problem?
1. Some of the error messages are missing in the Dutch translation
(error/PwmError_nl.properties)
What is the expected output? What do you see instead?
-
What version of the product are you using? On what operating system?
latest SVN release
Please provide any additional information below.
Please add the following messages:
Password_TooWeak=Het wachtwoord is te eenvoudig. Probeer meer cijfers,
leestekens en hoofd- en kleine letters toe te voegen.
Password_TooManyMonAlpha=Het nieuwe wachtwoord heeft teveel niet alfanumerieke
tekens.
Password_NotEnoughNonAlpha=Het nieuwe wachtwoord heeft niet genoeg niet
alfanumerieke tekens.
Password_UnknownValidation=Het wachtwoord voldoet niet aan de eisen. Probeer
een ander wachtwoord.
Error_InvalidFormID=Uw browsersessie is ongeldig of verlopen. Sluit uw browser
en probeer het opnieuw.
Error_MissingNamingAttr=Het naamgevende attribuut ontbreekt. Neem contact op
met de beheerder.
Error_TokenMissingContact=Er is geen contactinformatie voor uw account. Neem
contact op met de beheerder.
Error_TokenIncorrect=Ongeldige code, probeer het opnieuw.
Error_BadCurrentPassword=Het huidige wachtwoord is niet juist, probeer het
opnieuw.
Error_Closing=De bewerking kon niet worden voltooid, omdat de applicatie aan
het afsluiten is.
Error_Missing_GUID=Kan geen globaal unieke identificatie (GUID) voor de
gebruiker vinden. Neem contact op met de beheerder.
Error_ConfigUploadSuccess=Het bestand is succesvol geladen.
Error_ConfigUploadFailure=Het bestand kon niet geladen worden: %field%
Error_ConfigSaveSuccess=De instellingen zijn succesvol opgeslagen. PWM zal
worden herstart. PWM kan tijdens de herstart onbeschikbaar zijn. Als de
herstart mislukt, moet deze handmatig worden uitgevoerd.
Error_ConfigFormatError=Er bevindt zich een fout in de instellingen: %field%
Error_ConfigLdapFailure=Er is geen verbinding mogelijk met de
LDAP-directoryserver: %field%
Error_ConfigLdapSuccess=Succesvol verbonden met de LDAP-directoryserver
Original issue reported on code.google.com by [email protected]
on 14 Mar 2011 at 8:04
What steps will reproduce the problem?
1.Password policy
2.disallow space in the passwords
3.
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
Please provide any additional information below.
Could you please help us in creating a password policy to disallow the space in
their password while the user changing their password using PWM
Original issue reported on code.google.com by [email protected]
on 15 Mar 2011 at 10:36
Currently we are able to view the server configuration.
It would be interesting to be able to modify the configuration directly
from the web interface, instead of editing pwmServlet.properties
Original issue reported on code.google.com by [email protected]
on 9 Feb 2010 at 10:01
What steps will reproduce the problem?
1. Open PWM
2. At the top of the page, the application title will appear twice
What is the expected output? What do you see instead?
One line with the application title, one with a page title
What version of the product are you using? On what operating system?
SVN revision 97/98
Please provide any additional information below.
Change index.jsp to display Title_MainPage in stead of APPLICATION-TITLE (line
35)
Add a line to each of the Display*.properties:
* Default/English:
Title_MainPage=Main Page
* Dutch (nl):
Title_MainPage=Hoofdpagina
* German (de):
Title_MainPage=Hauptseite
* French (fr):
Title_MainPage=Page principale
Original issue reported on code.google.com by [email protected]
on 3 Jan 2011 at 2:37
What steps will reproduce the problem?
1. Nothing
2. Documentation
What is the expected output? What do you see instead?
I Think the file is on /supplemental/ldif/edirectory-schema.ldif
What version of the product are you using? On what operating system?
OES 2 X64
Please provide any additional information below.
Its needed to changue to documentation or the file they are referencing
Original issue reported on code.google.com by [email protected]
on 11 May 2010 at 9:26
What steps will reproduce the problem?
1. Set a password with a "dangerous" character like "(" on an account
2. Try to log in with this account
What is the expected output? What do you see instead?
Expected: succesful login
Seen: login failure
What version of the product are you using? On what operating system?
latest svn revision
Please provide any additional information below.
While working on the guest registration, I have created an account with a
randomly generated password (using existing routines, based on eDirectory rules
--> AD Complexity). PWM's password generator generated a password with "(" in
it.
Trying to login to PWM with the new account failed. The logs show:
2011-03-15 23:52:56, WARN , pwm.Validator, removing potentially malicious
string values from input, converting 'wAningadrog(ated' newValue=wAningadrog'
pattern='(?i)\(.*=*\)*'
Questions:
* why is the password visible in the logs at WARN level?
* why is the password being modified at login?
* shouldn't the password generator check for these "dangerous" characters?
Original issue reported on code.google.com by [email protected]
on 15 Mar 2011 at 11:05
What steps will reproduce the problem?
1. Finalize config file (change ldap server)
2. Check config in memory and ldap servers are still 127.0.0.1
3. Check PwmConfiguration.xml and all setting are as we set them
4. On admin/config.jsp we see the correct values
5. On config/ConfigManager we see incorrect values (defaults??)
What is the expected output? What do you see instead?
It is authenticating us and writing the responses to the correct tree but at
every checkresponses hit, you are asked for you responses again. Why is this
happening??
What version of the product are you using? On what operating system?
PwmConfiguration pwmVersion="1.5.2" pwmBuild="996" createTime="2011-02-24
18:18:12 +0000" modifyTime="2011-03-08 19:26:33 +0000"
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 8 Mar 2011 at 7:36
2010-02-26 11:12:27, WARN , servlet.TopServlet, {3,SLarson} unexpected
exception during page generation: readPassword() is not supported when
ChaiSetting.EDIRECTORY_ENABLE_NMAS is false [10.15.151.1]
java.lang.UnsupportedOperationException: readPassword() is not supported when
ChaiSetting.EDIRECTORY_ENABLE_NMAS is false
Original issue reported on code.google.com by jrivard
on 26 Feb 2010 at 5:43
What steps will reproduce the problem?
1. User enters email address (or some other attribute Value)
2. PWM sends a "special" link to the email address the user has on file
3. The user can then reset their password without using normal
challenge-response
What is the expected output? What do you see instead?
Often users of Web sites can/do not remember their answers.
Original issue reported on code.google.com by jwilleke
on 31 Dec 2010 at 9:40
What steps will reproduce the problem?
1. Start Tomcat service (with PWM deployed)
2. Stop Tomcat service
3. Look in catalina.log : you will find SEVERE errors
Do you have any idea why we get this error / how we can fix it ?
It seems to be due to log4j...
What version of the product are you using?
TOMCAT 6.0.24
JDK 6u18
PWM v1.4.3 b922
Please provide any additional information below.
catalina.log gives :
Mar 11, 2010 2:20:03 PM org.apache.catalina.core.StandardService stop
INFO: Stopping service Catalina
Mar 11, 2010 2:20:05 PM org.apache.catalina.loader.WebappClassLoader
clearReferencesJdbc
SEVERE: A web application registered the JBDC driver
[org.apache.derby.jdbc.AutoloadedDriver] but failed to unregister it when
the web application was stopped. To prevent a memory leak, the JDBC Driver
has been forcibly unregistered.
Mar 11, 2010 2:20:05 PM org.apache.catalina.loader.WebappClassLoader
clearReferencesThreads
SEVERE: A web application appears to have started a thread named [Thread-
3] but has failed to stop it. This is very likely to create a memory leak.
Thread dump gives :
"Thread-3" daemon prio=6 tid=0x02fadc00 nid=0xfc0 waiting on condition
[0x00d1f000]
java.lang.Thread.State: TIMED_WAITING (sleeping)
at java.lang.Thread.sleep(Native Method)
at org.apache.log4j.helpers.FileWatchdog.run(FileWatchdog.java:104)
Original issue reported on code.google.com by [email protected]
on 11 Mar 2010 at 1:24
The i18n toolkit used by pwm does not escape ambiguous character ...
An unescaped string in Display_fr.properties (cf
'Display_IdleTimeout') breaks webkit borwsers (such as safari) :
after a successfull login the browser is redirected
to an unknown url '/pwm/private/undefined'
This behaviour is corrected if the single quote is escaped or removed
from the string.
Step to reproduce :
Use a webkit based browser (safari, epiphany, konqueror)
Choose french as preferred language
go to pwm and try to change password ...
Step to correct:
Replace 'D\u00e9lai d'inactivit\u00e9 :' with D\u00e9lai inactivit\u00e9 :'
Original issue reported on code.google.com by [email protected]
on 26 Jan 2011 at 9:20
What steps will reproduce the problem?
1. Select Dutch (nl) as the main language
What is the expected output? What do you see instead?
See below
What version of the product are you using? On what operating system?
svn revision 98
Please provide any additional information below.
I have attached minor updates to the Dutch localisation (small corrections).
The current Dutch localisation, however, is in the formal form of the language.
I've also added an alternative colloquial/informal version of the Dutch
language files ({Display|Message}_nl-colloquial.properties. Some organizations,
nowadays, prefer the informal version.
Original issue reported on code.google.com by [email protected]
on 5 Jan 2011 at 3:40
Attachments:
The current implementation of PWM can, when enabled, send a token to the user's
email address in order to verify the user's identity, but does so before
letting the user answer the security questions.
We're thinking about extending the token functionality with sending the token
by SMS in stead of email (or let the user choose the medium). Sending SMS
messages involves cost. Therefore the questions and perhaps a captcha, would be
a good "first line of defense" to prevent lots of unnecessary SMS messages to
be sent.
Could the order be changed or made configurable (Questions --> Token / Token
--> Questions)?
Original issue reported on code.google.com by [email protected]
on 16 Dec 2010 at 4:13
What steps will reproduce the problem?
1. Extract Tomcat 7 and setup
2. Update SVN PWM
3. Create WAR
4. Add WAR to Tomcat (extracts)
5. Hit servlet
What is the expected output? What do you see instead?
Expect configuration page.
Java exception outputted instead.
What version of the product are you using? On what operating system?
PWM v1.5.2 devbuild b986
apache-tomcat-7.0.2
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode)
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 4 Oct 2010 at 6:08
Attachments:
What steps will reproduce the problem?
1. In the current revision there is no way to change the language. The language
preference is based on the browser preference, which may not always be set
correctly (because a user is not on his own computer, but in an Internet cafe
or using a friend's computer). The language is stored in the Java session. A
mechanism is needed to the change the session locale.
What is the expected output? What do you see instead?
Expected: interface in selected language:
Now: interface only in browser negotiated language
What version of the product are you using? On what operating system?
svn revision 97
Please provide any additional information below.
A patch for header.jsp is attached. This will allow a user to add ?lang=XX to
the URL and change the display language.
Not included in this patch, but needed for user friendliness is a language
selector within the interface. For our customer we've solved this in the
head-body.jsp with links to "?lang=XX", where XX are the selectable languages.
Original issue reported on code.google.com by [email protected]
on 5 Jan 2011 at 2:56
Attachments:
What steps will reproduce the problem?
1. Configure access gateway to send username / password in Authorization header
(as per pwm docs)
2. Test using an account with one or more ASCII characters included in either
the username or password. Attempt to access a pwm servlet that requires logon
and that is configured as restricted via Access Gateway
3. PWM detects that the username/password supplied in auth header isn't
correct, prompts user to manually enter username/password.
4. Receive an error with the wording: "user
CN=Namtest_1,OU=Users,DC=test,DC=domain username mismatch between supplied
username and username in basic auth header"
What is the expected output?
I would expect that the credential in the Auth header are checked and accepted
by PWM as valid even when there are non ASCII characters in the DN, or CN form
of username, or in the password.
What do you see instead?
Instead a user gets asked for their credentials twice (firstly by the access
gateway, then by pwm before being given the following message: "Authentication
error, please close your browser "
What version of the product are you using? On what operating system?
v1.5.2, windows 2003, against an AD user store
Please provide any additional information below.
I understand that there is no standard for the encoding of the auth header and
in practice when using the auth header from browser to server, the encoding
chosen varies from browser to browser.
However the PWM documentation recommends the use of basic auth / Authorization
header when PWM is used in combination with an access gateway.
In such a configuration, the code page/encoding of requests from the access
gateway would always be consistent. So is should be possible to add an option
to configure PWM to always decode with a specific code page when the
Authorization header is sent in a request to PWM.
Original issue reported on code.google.com by [email protected]
on 14 Feb 2011 at 10:54
What steps will reproduce the problem?
1. Choose the forgotten password option
2. Enter username
3. In the next dialog, the English message stil appears
What is the expected output? What do you see instead?
Expected: Om uw identiteit te controleren is er een beveiligingscode aan u
verzonden. Vul hier de veiligheidscode in.
Shown: English message
What version of the product are you using? On what operating system?
SVN revision 97/98
Please provide any additional information below.
Add line to Display_nl.properties:
Display_RecoverEnterCode=Om uw identiteit te controleren is er een
beveiligingscode aan u verzonden. Vul hier de veiligheidscode in.
Diff: attached
Original issue reported on code.google.com by [email protected]
on 3 Jan 2011 at 2:18
Attachments:
What steps will reproduce the problem?
Configure Access Manager's Password Expiration servlet URL to redirect to PWM
along with the LogoutURL and forceAuth query string params that would customize
the logout location and tell the IDP to re-prompt the user for authentication.
Instead, it just sends me to the static logoutURL specified in the PWM config
XML file, ignoring the custom logout location provided in the URL by NAM when
the user first accesses PWM.
NAM Password Expiration servlet looks like this:
https://pwm.mycompany.com/pwm/private/ChangePassword?passwordExpired=true&forceA
uth=TRUE&logoutURL=<RETURN_URL>
Works fine in 1.4.3 b922, but seemingly broken now in 1.5.1 b975.
What version of the product are you using? On what operating system?
1.5.1 (b975)
Server: SLES 11 64 bit, fully patched; Tomcat 6.0.29; JDK 1.6.21
Original issue reported on code.google.com by [email protected]
on 25 Aug 2010 at 9:43
Hello, I can't seem to get the "Update User Info" feature to work.
have eDirectory 8.8 running on Server 2008 along with IDM 3.6, Java
1.5 and Tomcat 5.5. For troubleshooting purposes I have given the
PwmProxy and the actual user (user1) that I am trying to update full
Admin rights. If I use a 3rd party LDAP tool and authenticate as user1
(my test user with full admin rights) I don't have an issue. When I
use the PWM interface I keep getting the error "Unknown error. If this
error occurs repeatedly please contact your helpdesk." but the user in
eDirectory does get the update. I will include my Tomcat error below.
2010-09-10 13:58:56, INFO , pwm.AuthenticationFilter, {4-,user1}
successful ssl authentication for cn=user1,ou=TEST,o=IDMWO (69ms)
[192.168.0.99/ts99.portwinnipeg.ca]
2010-09-10 13:59:17, INFO , servlet.UpdateAttributesServlet, updating
attributes for cn=user1,ou=TEST,o=IDMWO
2010-09-10 13:59:17, INFO , pwm.Helper, {4-,user1} set attribute on
user cn=user1,ou=TEST,o=IDMWO (title=dfdff) [192.168.0.99/
tsc251.uwinnipeg.ca]
2010-09-10 13:59:17, WARN , servlet.TopServlet, {4-,user1} unexpected
exception during page generation: may not read STRING_ARRAY value for
setting: UPDATE_ATTRIBUTES_WRITE_ATTRIBUTES [192.168.0.99/pc.test.ca]
java.lang.IllegalArgumentException: may not read STRING_ARRAY value
for setting: UPDATE_ATTRIBUTES_WRITE_ATTRIBUTES
at
password.pwm.config.StoredConfiguration.readStringArraySetting(StoredConfigurati
on.java:
171)
at
password.pwm.config.Configuration.readStringArraySetting(Configuration.java:
68)
at
password.pwm.servlet.UpdateAttributesServlet.handleUpdateRequest(UpdateAttribute
sServlet.java:
161)
at
password.pwm.servlet.UpdateAttributesServlet.processRequest(UpdateAttributesServ
let.java:
84)
at password.pwm.servlet.TopServlet.handleRequest(TopServlet.java:75)
at password.pwm.servlet.TopServlet.doPost(TopServlet.java:117)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilt
erChain.java:
269)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.
java:
188)
at
password.pwm.AuthenticationFilter.processAuthenticatedSession(AuthenticationFilt
er.java:
133)
at
password.pwm.AuthenticationFilter.doFilter(AuthenticationFilter.java:
83)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilt
erChain.java:
215)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.
java:
188)
at password.pwm.SessionFilter.doFilter(SessionFilter.java:257)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilt
erChain.java:
215)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.
java:
188)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:
172)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
117)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
108)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
174)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
873)
at org.apache.coyote.http11.Http11BaseProtocol
$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:
665)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:
528)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorker
Thread.java:
81)
at org.apache.tomcat.util.threads.ThreadPool
$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:619)
Original issue reported on code.google.com by jrivard
on 10 Sep 2010 at 9:05
What steps will reproduce the problem?
1. Install/configure PWM revision 111
2. Go to Configuration Editor
3. Save configuration
4. Wait for application to restart
5. Go to Configuration Editor --> New User Registration
6. Add a locale to the list of attributes, or try to remove a string
What is the expected output? What do you see instead?
Expected: changes to form reflected (new locale or removed attribute)
Observed: Error message: error writing setting newUser.form, reason:
SyntaxError: syntax error
What version of the product are you using? On what operating system?
Revision 111, Tomcat 6, Mac OS X
Please provide any additional information below.
2011-03-04 09:18:26, TRACE, pwm.SessionFilter, {k~} POST request for:
/pwm/config/ConfigManager [127.0.0.1/localhost]
key='newUser.form'
pwmFormID='xnaZboJDFpaKHSYb6Q0u6KIexVRHilfzb5a0420612e7fe170a1'
processAction='writeSetting'
2011-03-04 09:18:26, WARN , servlet.TopServlet, {k~} unexpected exception
during page generation: The JsonDeserializer
com.google.gson.DefaultTypeAdapters$CollectionTypeAdapter@13f002ee failed to
deserialized json object
{"0":"cn:Username:text:2:10:true:false","1":"givenName:First
name:text:4:40:true:false","2":"sn:Last
name:text:4:40:true:false","3":"mail:Email
Address:email:3:50:true:true","4":"telephoneNumber:Telephone
Number:text:7:10:true:false"} given the type java.util.List<java.lang.String>
[127.0.0.1/localhost]
com.google.gson.JsonParseException: The JsonDeserializer
com.google.gson.DefaultTypeAdapters$CollectionTypeAdapter@13f002ee failed to
deserialized json object
{"0":"cn:Username:text:2:10:true:false","1":"givenName:First
name:text:4:40:true:false","2":"sn:Last
name:text:4:40:true:false","3":"mail:Email
Address:email:3:50:true:true","4":"telephoneNumber:Telephone
Number:text:7:10:true:false"} given the type java.util.List<java.lang.String>
at com.google.gson.JsonDeserializerExceptionWrapper.deserialize(JsonDeserializerExceptionWrapper.java:63)
at com.google.gson.JsonDeserializationVisitor.invokeCustomDeserializer(JsonDeserializationVisitor.java:88)
at com.google.gson.JsonDeserializationVisitor.visitUsingCustomHandler(JsonDeserializationVisitor.java:76)
at com.google.gson.ObjectNavigator.accept(ObjectNavigator.java:106)
at com.google.gson.JsonDeserializationContextDefault.fromJsonObject(JsonDeserializationContextDefault.java:73)
at com.google.gson.JsonDeserializationContextDefault.deserialize(JsonDeserializationContextDefault.java:51)
at com.google.gson.DefaultTypeAdapters$MapTypeAdapter.deserialize(DefaultTypeAdapters.java:608)
at com.google.gson.DefaultTypeAdapters$MapTypeAdapter.deserialize(DefaultTypeAdapters.java:573)
at com.google.gson.JsonDeserializerExceptionWrapper.deserialize(JsonDeserializerExceptionWrapper.java:50)
at com.google.gson.JsonDeserializationVisitor.invokeCustomDeserializer(JsonDeserializationVisitor.java:88)
at com.google.gson.JsonDeserializationVisitor.visitUsingCustomHandler(JsonDeserializationVisitor.java:76)
at com.google.gson.ObjectNavigator.accept(ObjectNavigator.java:106)
at com.google.gson.JsonDeserializationContextDefault.fromJsonObject(JsonDeserializationContextDefault.java:73)
at com.google.gson.JsonDeserializationContextDefault.deserialize(JsonDeserializationContextDefault.java:51)
at com.google.gson.Gson.fromJson(Gson.java:568)
at com.google.gson.Gson.fromJson(Gson.java:515)
at com.google.gson.Gson.fromJson(Gson.java:484)
at com.google.gson.Gson.fromJson(Gson.java:434)
at password.pwm.servlet.ConfigManagerServlet.writeSetting(ConfigManagerServlet.java:271)
at password.pwm.servlet.ConfigManagerServlet.processRequest(ConfigManagerServlet.java:84)
at password.pwm.servlet.TopServlet.handleRequest(TopServlet.java:75)
at password.pwm.servlet.TopServlet.doPost(TopServlet.java:119)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at password.pwm.SessionFilter.doFilter(SessionFilter.java:232)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:680)
Caused by: java.lang.IllegalStateException: This is not a JSON Array.
at com.google.gson.JsonElement.getAsJsonArray(JsonElement.java:99)
at com.google.gson.DefaultTypeAdapters$CollectionTypeAdapter.deserialize(DefaultTypeAdapters.java:544)
at com.google.gson.DefaultTypeAdapters$CollectionTypeAdapter.deserialize(DefaultTypeAdapters.java:510)
at com.google.gson.JsonDeserializerExceptionWrapper.deserialize(JsonDeserializerExceptionWrapper.java:50)
... 38 more
2011-03-04 09:18:27, TRACE, pwm.SessionFilter, {k~} GET request for:
/pwm/config/ConfigManager [127.0.0.1/localhost]
key='newUser.form'
pwmFormID='xnaZboJDFpaKHSYb6Q0u6KIexVRHilfzb5a0420612e7fe170a1'
processAction='readSetting'
On a new configuration, the error also exists, but says the value is null, and
does not create a large stack trace.
Original issue reported on code.google.com by [email protected]
on 4 Mar 2011 at 8:33
What steps will reproduce the problem?
1. Configure PWM to authenticate against AD user store
2. Modify domain password policy to set passwords to expire in 1 day (minimum)
3. Create test account in AD, wait 24 hours and attempt to change password -
this will fail with message "The username or password is not valid. Please try
again."
4. Create additional test account in AD, this should still have a valid
(unexpired password as it was newly created) - attempt to change the password
for this user and it should succeed.
What is the expected output? What do you see instead?
Expected - successful password change
Result - The username or password is not valid. Please try again.
What version of the product are you using? On what operating system?
Tested with pwm 1.5.2 and 1.5.1
Tomcat Version Apache Tomcat/6.0.20
JVM Version 1.6.0_22-b04
JVM Vendor Sun Microsystems Inc.
OS Name Windows 2003
OS Architecture x86
Please provide any additional information below.
I suspect that the problem may be in the underlying LDAP Chai code or not.
There appears to be no checking of the sub-error code, both incorrect password
and password expired produce the same result.
* 525 - user not found
* 52e - invalid credentials
* 530 - not permitted to logon at this time
* 532 - password expired
* 533 - account disabled
* 701 - account expired
* 773 - user must reset password
See attached excerpt of a PWM trace, one login is deliberately mistyping
password, the other is with the correct but expired password.
Original issue reported on code.google.com by [email protected]
on 12 Nov 2010 at 12:16
Attachments:
What steps will reproduce the problem?
1. New install of PWM (from SVN, revision 108), no configuration
2. Open browser
3. Go to http(s)://<yoursite>:<port>/pwm/
What is the expected output? What do you see instead?
The expected output is a working site that allows you to create a starting
configuration, but instead you get a null pointer exception, because there is
no configuration.
What version of the product are you using? On what operating system?
revision 108 on Tomcat 6, SLES 11 P1
Please provide any additional information below.
A patch for SessionFilter.java is attached.
Original issue reported on code.google.com by [email protected]
on 25 Feb 2011 at 7:24
Attachments:
Attached are updated properties files for Dutch localisation.
Original issue reported on code.google.com by [email protected]
on 30 Nov 2010 at 9:38
Attachments:
Can I just use the one from the 1.4.3 download?
Original issue reported on code.google.com by [email protected]
on 13 Jul 2010 at 3:14
PWM v1.5.0
What steps will reproduce the problem?
1. Edit ConfigManager -> Event Logging -> User History Attribute
2. UI won't allow removal of value, even though description says it should be
able to blanked.
Original issue reported on code.google.com by jrivard
on 12 Jul 2010 at 10:58
Hi,
In order to implement localisation for the front page, I've taken the index.jsp
from SVN and updated this file as well as Display.properties and
Display_nl.properties. Updated files are attached to this message.
Regards,
Menno
Original issue reported on code.google.com by [email protected]
on 24 Dec 2010 at 10:24
Attachments:
Please provide any additional information below.
A minor issue with the recent change to not require Challenge Responses... I'm
suggesting to remove that from the messages, in English, anyway, as it doesn't
make sense if challenge responses are not required.
Suggested Patch attached.
Original issue reported on code.google.com by [email protected]
on 12 Mar 2011 at 1:41
Attachments:
What steps will reproduce the problem?
1. Assign to a user a password policy with minimum X characters
2. With the user, log in and go to the change password interface
3. Enter a X characters password containing the euro currency symbol €
4. The interface will tell you "password is too short"
What is the expected output? What do you see instead?
The interface should either accept the euro symbol as a character,
or refuse it with an explicit message such as "character not allowed"
I made the test using IE6 on Windows (FR version)
So far I don't know yet which function should be modified...
Original issue reported on code.google.com by [email protected]
on 19 Mar 2010 at 8:04
I have tried configuring this multiple ways and it seems like the
behavior is as follows:
- the "activateuser" page ignores the context drop down menu and only
uses what is specified in the "contextless login root"
- the "change password" page correctly uses the context drop down menu
- the "setup responses" page correctly users the context drop down
menu
- the "forgotten password" page correctly uses the context drop down
menu
I was thinking that the correct way to configure this was to specify
the "base" such dc=example,dc=com as the root. Then specify only
"ou=group1" or "ou=group2" for my contexts, allowing PWM to append the
base to each context to perform its searching. But it only seems to
work (on the pages above) if I specify the entire tree
(ou=group1,dc=example,dc=com). The 3 pages that "correctly work"
above will work fine even if no "contextless root" is configured, but
activation ONLY seems to use the value defined in contextless root and
ignores the value in the drop down menu...even if one is selected.
Original issue reported on code.google.com by [email protected]
on 2 Nov 2010 at 2:27
What steps will reproduce the problem?
---
Attempt to change an AD password via PWM, specific AD passwords may be flagged
as invalid (when they actually would be valid)
or
in the case of an invalid password (for example one that incorporates the
samAccountName) is flagged as OK by PWM but an error is generated by AD when
attempting to change the password.
What version of the product are you using? On what operating system?
PWM 1.5.2 - Windows 2003.
AD domain mixed Windows 2003/Windows 2008
Please provide any additional information below.
---
The most detailed/accurate description of AD Password Complexity I can find on
microsoft.com "Microsoft AD Password Complexity" implements the following rules
http://technet.microsoft.com/en-us/library/cc786468%28WS.10%29.aspx
PWM checks AD Password Complexity via function checkPasswordForADComplexity in
Validator.java
Currently, PWM does not perform a proper check according to the referenced
Microsoft document. It appears that the check was coded against an earlier
published reference.
The following inconsistencies exist with the PWM checkPasswordForADComplexity
feature:
- Does not check the attribute samAccountName at all.
- Display name check is totally wrong, but is actually stricter than it needs
to be.
- Check of CN and full name are not necessary (according to MS document CN is
not used in AD Password complexity check). Also full name is not an LDAP
attribute in AD.
- A 5th category is referenced (Any Unicode character that is categorised as an
alphabetic character but is not upper-case or lower-case. This includes Unicode
characters from Asian languages.) but this category is not coded in PWM.
Original issue reported on code.google.com by [email protected]
on 3 Feb 2011 at 1:59
What steps will reproduce the problem?
1. Open Configuration Editor
2. Go to "User Interface" --> Application Title
3. Select a new language code and click "Add locale"
4. An error occurs
What is the expected output? What do you see instead?
The expected output is a new input field. Instead an error message is shown.
What version of the product are you using? On what operating system?
SVN revision 108, tomcat 6, SLES 11.0
Browsers:
* Firefox 4.0b11 on Mac OS X 10.6
* Camino Version 2.0.6 (1.9.0.19 2010111021) on Mac OS X 10.6
* Chrome 11.0.672.2 dev
Please provide any additional information below.
This also happens with other localisation fields.
Chrome provides a more detailed message: error writing setting
display.applicationTitle, reason: TypeError: Cannot read property 'isDefault'
of null
Original issue reported on code.google.com by [email protected]
on 25 Feb 2011 at 7:47
On the change password page, both following strings are not translated
into french :
Requirement_CaseSensitive=Password is case sensitive.
Password_MissingConfirm=Password meets requirements, please confirm
I suggest the following translation :
Requirement_CaseSensitive=Le mot de passe est sensible à la casse
Password_MissingConfirm=Veuillez saisir la confirmation du mot de passe
Original issue reported on code.google.com by [email protected]
on 25 Feb 2010 at 4:39
What steps will reproduce the problem?
1. Setup PWM to read from AD
2. Go to the change password screen.
What is the expected output? What do you see instead?
I expect that password requirements show as case-sensitive.
What version of the product are you using? On what operating system?
PWM Developer Build #1020 - AD 2003 - Sun's Java 1.6
Please provide any additional information below.
I have a system setup to AD, and it states that passwords are not case
sensitive. I can't figure out how to make them case-sensitive or at
least read the proper value for this. Filing as a bug per discussion group.
Original issue reported on code.google.com by [email protected]
on 14 Mar 2011 at 2:28
What steps will reproduce the problem?
1.
2.
3.
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 15 Mar 2011 at 10:33
What steps will reproduce the problem?
1. Install a fresh PWM r111
2. Click any function that requires authentication
3. Log in with a valid, working account and correct password
4. An error message occurs, saying that login failed because the directory is
unavailable.
What is the expected output? What do you see instead?
Expected: succesful login
Seen: "Directory unavailable. If this error occurs repeatedly please contact
your helpdesk.
An error has occurred. Please close your browser and try again later. If this
error occurs repeatedly, please contact your help desk."
What version of the product are you using? On what operating system?
SVN revision 111, on Tomcat 6, both on SLES 11P1 and Mac OS X 10.6.6
Please provide any additional information below.
Logs show a succesful login, but immediately show a failed connection to the
same LDAP server:
2011-03-02 09:29:05, TRACE, pwm.SessionFilter, {0} POST request for:
/pwm/private/Login [192.168.1.2/client.example.com]
password=***removed***
pwmFormID='9NW65LpMpRqFMOgwOmlQiihhf1K5kgPP7ab76bab12e75af1368'
processAction='login'
username='p.puk'
2011-03-02 09:29:05, TRACE, pwm.AuthenticationFilter, {0} permitting
unauthenticated request of login page [192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.UserStatusHelper, {0} attempting username
search for 'p.puk' in context dc=example,dc=com [192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.UserStatusHelper, {0} search for username:
(&(objectClass=Person)(cn=p.puk)), searchDN: dc=example,dc=com
[192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.ContextManager, opening new ldap proxy
connection
2011-03-02 09:29:05, TRACE, pwm.Helper, creating new chai provider using config
of ChaiConfiguration: locked=false settings:
{chai.bind.URLs=ldaps://127.0.0.1:636,,
chai.bind.dn=cn=pwmproxy,ou=users,o=data, chai.bind.password=**stripped**,
chai.cache.enable=false, chai.cache.maximumSize=128,
chai.cache.maximumAge=1000, chai.statistics.enable=true,
chai.watchdog.enable=false, chai.watchdog.operationTimeout=60000,
chai.watchdog.idleTimeout=30000, chai.connection.watchdog.frequency=5000,
chai.connection.promiscuousSSL=true, chai.wireDebug.enable=false,
chai.failover.enable=true, chai.failover.failBackTime=90000,
chai.failover.connectRetries=4, chai.ldap.dereferenceAliases=never,
chai.ldap.ldapTimeout=5000,
chai.provider.implementation=com.novell.ldapchai.provider.JNDIProviderImpl,
chai.edirectory.enableNMAS=true,
chai.provider.extendedOperation.failureCache=true,
chai.provider.readonly=false,
chai.default.identityAttributes=cn,uid,givenName,initials,sn,mail,telephoneNumbe
r,workforceID, chai.vendor.default=}
2011-03-02 09:29:05, TRACE, provider.JNDIProviderImpl, bind successful as
cn=pwmproxy,ou=users,o=data (51ms)
2011-03-02 09:29:05, TRACE, provider.ChaiProviderFactory, adding
StatisticsWrapper to provider instance
2011-03-02 09:29:05, TRACE, pwm.UserStatusHelper, {0} username match found:
cn=p.puk,ou=Students,ou=Users,dc=example,dc=com [192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.AuthenticationFilter, {0} attempting
authentication using ldap BIND [192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.SessionManager, {0} opened new ldap connection
for null (0ms) [192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.Helper, creating new chai provider using config
of ChaiConfiguration: locked=false settings:
{chai.bind.URLs=ldaps://127.0.0.1:636,,
chai.bind.dn=cn=p.puk,ou=Students,ou=Users,dc=example,dc=com,
chai.bind.password=**stripped**, chai.cache.enable=false,
chai.cache.maximumSize=128, chai.cache.maximumAge=1000,
chai.statistics.enable=true, chai.watchdog.enable=true,
chai.watchdog.operationTimeout=60000, chai.watchdog.idleTimeout=61202,
chai.connection.watchdog.frequency=60000, chai.connection.promiscuousSSL=true,
chai.wireDebug.enable=false, chai.failover.enable=true,
chai.failover.failBackTime=90000, chai.failover.connectRetries=4,
chai.ldap.dereferenceAliases=never, chai.ldap.ldapTimeout=5000,
chai.provider.implementation=com.novell.ldapchai.provider.JNDIProviderImpl,
chai.edirectory.enableNMAS=true,
chai.provider.extendedOperation.failureCache=true,
chai.provider.readonly=false,
chai.default.identityAttributes=cn,uid,givenName,initials,sn,mail,telephoneNumbe
r,workforceID, chai.vendor.default=}
2011-03-02 09:29:05, TRACE, provider.JNDIProviderImpl, bind successful as
cn=p.puk,ou=Students,ou=Users,dc=example,dc=com (44ms)
2011-03-02 09:29:05, TRACE, provider.ChaiProviderFactory, adding
WatchdogWrapper to provider instance
2011-03-02 09:29:05, DEBUG, provider.WatchdogWrapper, starting up LDAP Chai
WatchdogWrapper timer thread, 60000ms check frequency
2011-03-02 09:29:05, TRACE, provider.ChaiProviderFactory, adding
StatisticsWrapper to provider instance
2011-03-02 09:29:05, TRACE, entry.EdirEntries, using active universal password
policy for user cn=p.puk,ou=Students,ou=Users,dc=example,dc=com at cn=Example
Password Policy,cn=Password Policies,cn=Security
2011-03-02 09:29:05, DEBUG, pwm.PwmPasswordPolicy, {0} discovered assigned
password policy for cn=p.puk,ou=Students,ou=Users,dc=example,dc=com at
cn=Example Password Policy,cn=Password Policies,cn=Security PwmPasswordPolicy:
{MaximumSpecial=0, PolicyEnabled=true, DisallowedValues=[], MaximumLength=32,
MinimumNumeric=0, ChangeMessage=, MaximumLowerCase=0,
AllowFirstCharNumeric=TRUE, MaximumNumeric=0, MaximumSequentialRepeat=0,
CaseSensitive=TRUE, MinimumUpperCase=0, MinimumUnique=3,
AllowLastCharSpecial=TRUE, AllowFirstCharSpecial=TRUE, AllowSpecial=TRUE,
MaximumUpperCase=0, MinimumSpecial=0, AllowLastCharNumeric=TRUE,
MinimumLength=6, MinimumLifetime=0, UniqueRequired=FALSE,
DisallowedAttributes=[Full Name, Given Name, Surname, uniqueID, CN,
displayName], MinimumLowerCase=0, ExpirationInterval=0, AllowNumeric=TRUE}
[192.168.1.2/client.example.com]
2011-03-02 09:29:05, DEBUG, pwm.PwmPasswordPolicy, {0} merged password policy
with PWM configured policy: PwmPasswordPolicy: {MaximumSpecial=0,
PolicyEnabled=true, DisallowedValues=[secret, wachtwoord, password, geheim],
RegExNoMatch=, MaximumAlpha=null, EnableWordlist=true, ChangeMessage=,
CaseSensitive=true, MinimumUnique=3, AllowFirstCharSpecial=true,
AllowSpecial=true, AllowLastCharNumeric=true, MinimumLength=6,
MinimumNonAlpha=null, MinimumLifetime=0, MinimumLowerCase=0,
DisallowedAttributes=[givenName, fullName, CN, Surname, sn, cn, uniqueID, Full
Name, uniqueId, displayName, Given Name], MaximumLength=32, MinimumNumeric=0,
RegExMatch=, MaximumNonAlpha=null, MaximumLowerCase=0,
AllowFirstCharNumeric=true, MaximumNumeric=0, MinimumAlpha=null,
MaximumSequentialRepeat=0, MinimumUpperCase=0, AllowLastCharSpecial=true,
MinimumStrength=45, ADComplexity=false, MaximumUpperCase=0, MinimumSpecial=0,
UniqueRequired=false, MaximumRepeat=null, ExpirationInterval=0,
AllowNumeric=true} [192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.PwmPasswordPolicy, {0} createPwmPasswordPolicy
completed in 23ms [192.168.1.2/client.example.com]
2011-03-02 09:29:05, DEBUG, pwm.CrUtility, {0} using nmas c/r policy for user
cn=p.puk,ou=Students,ou=Users,dc=example,dc=com: ChallengeSet identifier:
1298648483067, minRandom: 2, locale: en, (Challenge: [undefined], required:
true, adminDefined: false, minLength: 2, maxLength: 255) (Challenge: "What was
your childhood nickname?", required: false, adminDefined: true, minLength: 2,
maxLength: 255) (Challenge: "Where were you when you had your first kiss?",
required: false, adminDefined: true, minLength: 2, maxLength: 255) (Challenge:
"Who was your childhood hero? ", required: false, adminDefined: true,
minLength: 2, maxLength: 255) (Challenge: "What is the street number of the
house you grew up in?", required: false, adminDefined: true, minLength: 1,
maxLength: 255) (Challenge: "What was the first concert you attended?",
required: false, adminDefined: true, minLength: 2, maxLength: 255) (Challenge:
"What is the last name of your favorite high school teacher?", required: false,
adminDefined: true, minLength: 2, maxLength: 255)
[192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.CrUtility, {0} readUserChallengeSet completed
in 11ms [192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.UserStatusHelper, {0,p.puk} beginning password
status check process for cn=p.puk,ou=Students,ou=Users,dc=example,dc=com
[192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.UserStatusHelper, {0,p.puk} password for
cn=p.puk,ou=Students,ou=Users,dc=example,dc=com does not appear to be expired
[192.168.1.2/client.example.com]
2011-03-02 09:29:05, DEBUG, pwm.UserStatusHelper, {0,p.puk} completed user
password status check for cn=p.puk,ou=Students,ou=Users,dc=example,dc=com
PasswordStatus {expired=false, pre-expired=false, warn=false,
violatesPolicy=false} (3ms) [192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.UserStatusHelper, {0,p.puk} beginning check to
determine if responses need to be configured for user
[192.168.1.2/client.example.com]
2011-03-02 09:29:05, DEBUG, pwm.UserStatusHelper, {0,p.puk}
checkIfResponseConfigNeeded: cn=p.puk,ou=Students,ou=Users,dc=example,dc=com is
not eligible for checkIfResponseConfigNeeded due to query match
[192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.UserStatusHelper, {0,p.puk}
populateUserInfoBean for cn=p.puk,ou=Students,ou=Users,dc=example,dc=com
completed in 68ms [192.168.1.2/client.example.com]
2011-03-02 09:29:05, INFO , pwm.AuthenticationFilter, {0,p.puk} successful ssl
authentication for cn=p.puk,ou=Students,ou=Users,dc=example,dc=com (210ms)
[192.168.1.2/client.example.com]
2011-03-02 09:29:05, TRACE, pwm.Helper, {0,p.puk} assigning new GUID to user
cn=p.puk,ou=Students,ou=Users,dc=example,dc=com [192.168.1.2/client.example.com]
2011-03-02 09:29:05, WARN , provider.FailOverWrapper, unable to reach ldap
server ldaps://127.0.0.1:636
2011-03-02 09:29:07, TRACE, provider.JNDIProviderImpl, bind successful as
cn=pwmproxy,ou=users,o=data (43ms)
2011-03-02 09:29:07, WARN , provider.FailOverWrapper, unable to reach ldap
server ldaps://127.0.0.1:636
2011-03-02 09:29:08, TRACE, provider.JNDIProviderImpl, bind successful as
cn=pwmproxy,ou=users,o=data (44ms)
2011-03-02 09:29:08, WARN , provider.FailOverWrapper, unable to reach ldap
server ldaps://127.0.0.1:636
2011-03-02 09:29:09, TRACE, provider.JNDIProviderImpl, bind successful as
cn=pwmproxy,ou=users,o=data (50ms)
2011-03-02 09:29:09, WARN , provider.FailOverWrapper, unable to reach ldap
server ldaps://127.0.0.1:636
2011-03-02 09:29:10, TRACE, provider.JNDIProviderImpl, bind successful as
cn=pwmproxy,ou=users,o=data (39ms)
2011-03-02 09:29:10, FATAL, servlet.TopServlet, {0,p.puk} unable to contact
ldap directory: unable to reach any configured server, maximum retries exceeded
[192.168.1.2/client.example.com]
2011-03-02 09:29:10, DEBUG, pwm.SessionManager, {0} closing user ldap
connection [192.168.1.2/client.example.com]
2011-03-02 09:29:10, DEBUG, provider.WatchdogWrapper, exiting LDAP Chai
WatchdogWrapper timer thread, no connections requiring monitoring are in use
2011-03-02 09:29:10, DEBUG, pwm.PwmSession, {0} unauthenticate session from
192.168.1.2 (cn=p.puk,ou=Students,ou=Users,dc=example,dc=com)
[192.168.1.2/client.example.com]
[note: hostnames/IPs, DN's changed in above log dump]
[b.t.w. it worked fine in previous versions]
Original issue reported on code.google.com by [email protected]
on 2 Mar 2011 at 8:40
What steps will reproduce the problem?
1. Fail an account so it gets locked out.
2. Using the Forgot Password option, attempt to unlock account or reset
password.
What is the expected output? What do you see instead?
I would expect that the account would be unlocked.
What version of the product are you using? On what operating system?
PWM Developer Build #1020 on Ubuntu 10.04
Please provide any additional information below.
When choosing to unlock the account/reset the password, it simply goes to the
next page, no event logs, no errors, no success messages.
Original issue reported on code.google.com by [email protected]
on 11 Mar 2011 at 9:41
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.